1. Luminis 5 Portal: Part 1
Bake at 350 for 45 Days
Melissa Miller Pat O’Gorman
Manager, Web Applications Sr. Web Application Developer
millermm@lasalle.edu ogorman@lasalle.edu
#PABUG
La Salle University
Philadelphia, PA
2. General Announcements:
• Please silence all cell phones
• If you must leave the session early, please
do so as discreetly as possible
• Please avoid side conversations during
the session
• Questions will be answered at the end of
each section.
Thank you for your cooperation
3. La Salle University
• La Salle is a Catholic University founded by the
Christian Brothers in Philadelphia in 1863.
• Three campuses: North East Philadelphia,
Bucks County and Montgomery County
• Recent expansion projects
– The acquisition of Germantown Hospital for the
School of Nursing and Health Sciences
– The expansion of Roland Holroyd Science Center
to include environmentally friendly laboratories,
classrooms, and lounges
4. La Salle University
• The University student body of 7,500
students includes
– 3,400 full-time undergraduates
– 1,400 part-time undergraduates
– 2,700 graduate and doctoral students.
• Enrollment has grown 16 percent in the past
10 years.
• Students come from 44 states and 27 foreign
countries
• Two-thirds of undergraduates live on
campus
10. Installation, Configuration & Tuning
• Installed as root and using privileged ports
– 80 and 443 (Portal, Admin, CAS)
– 389 and 636 (LDAP)
11. Installation, Configuration & Tuning
• Starting and stopping tiers
– Documentation lists 3 methods:
• Install and start as root
• Install and start as non-root user
• Install as root and start as non-root user (but requires
root password)
– LP5 Wiki has 4th method:
• Install as root and start as non-root user (no root
password required)
12. Installation, Configuration & Tuning
• Modify sudoers file to allow non-root user to
execute Luminis scripts
User_Alias CPUSER=cpadmin
Cmnd_Alias CP=/opt/luminis/bin/lpstart,
/opt/luminis/bin/lpstop,
/opt/luminis/bin/10-ldap,
/opt/luminis/bin/20-cas-webserver,
/opt/luminis/bin/25-admin-webserver,
/opt/luminis/bin/30-portal-webserver
CPUSER ALL=NOPASSWD:CP
13. Installation, Configuration & Tuning
• Add an environment variable to user’s profile
SUDO="/usr/bin/sudo"; export SUDO
14. Installation, Configuration & Tuning
• Add a function to $CP_ROOT/bin/run-checker
AbsolutePath()
{
dir=`dirname $0`
dir=`cd $dir; pwd`
echo "$dir/`basename $0`“
}
15. Installation, Configuration & Tuning
• The default connection pool settings for CAS
are not adequate for production
– Crashes under heavy load
p:initialPoolSize="5“ “10"
p:minPoolSize="5“ “10"
p:maxPoolSize="10“ "50"
p:checkoutTimeout="100“ “3000”
16. Installation, Configuration & Tuning
• Database indexes
– CREATE INDEX IDX_PORTAL_USR_ID ON
LP_PERSON(PORTAL_USER_ID);
– CREATE INDEX IDX_LP_PERSON_SRC_PERSON on
LP_PERSON (IMS_ENTERPRISE_SRC_ID, EXT_PERSONID);
– CREATE INDEX IDX_LP_PERSON_MAJORS_01 on
LP_PERSON_MAJORS (PERSON_ID, MAJORS_ID);
– CREATE INDEX IDX_LP_PERSON_ROLE_01 on
LP_PERSON_ROLE(PERSON_ID, ROLE_ID);
19. SSO Manager & Events
• Banner channels works by sending a request
to Banner when the channel is rendered
• Banner returns XML data in response to
request and particular user
• XML is transformed and rendered in portlet
• Portlet contains links that deep link in SSB
pages
20. SSO Manager & Events
• For users that have Luminis user names matching their INB
user name, BANPROXY must be enabled in GSASECR
• Luminis Portlets for Banner is deployed on a separate
application server
– This communicates with the Banner database which then
communicates with Luminis
• In 5.0.4 and later, configuration takes place in Jconsole
– Prior to this, a separate banportals.properties file was used
21. SSO Manager & Events
• After a user clicks on a link in a Banner channel, the
SSO Manager takes over
• The SSO Manager verifies the user’s identity via CAS
and obtains a UDCID which is unique to each user
• It looks for a record in GOBUMAP containing this
UDCID and from that obtains the PIDM
• If this process is successful, a cookie is returned to
the user’s browser allowing access to SSB
22. SSO Manager & Events
• New users, updates to existing users, and
course enrollments make their way into
Luminis via the Learning Management
Gateway
– An event is triggered when certain records are
created or updated
• Process in Luminis 5 is similar to that in
Luminis 4
23. SSO Manager & Events
Flow of Data
Banner LMG Glassfish MQ Luminis
24. SSO Manager & Events
• Difference from Luminis 4: Glassfish MQ
replaces Luminis Message Broker (LMB)
– Old method will work, but new is preferred
• By default, LMG retrieves 30 events from
Banner every 60 seconds
– We increased this to 500 events every 10 seconds
• In our installation: LMG, Glassfish, Admin
server, and LDAP are on same server
26. User Migration
Re-Synced with Banner
All users needed to create new passwords
(aka: Self-Service PINS)
How do we get all users to create new
passwords without mass chaos??
40. Overall Experience
• Better than Luminis 4 go-live
• Wiki Tuning Guide very useful
• Pretty Stable
• Disappointed with Banner Channels
• Easy to create your own portlets/widgets
• Community tools not user friendly
41. Next Up:
Luminis 5 Portal: Part 2
Add Filling and Decorate
•Theme development
•Deep linking to SSB
•SSO to Live@Edu
•Deep linking to Blackboard
•Portal Content System
•Chat
Hello everyone and welcome to our presentation on Luminis 5. My name is Melissa Miller and I am the Web Applications Manager for La Salle and this is Pat O’Gorman, our Senior Web Application Developer.
We have some general announcements before we get started….Please silence all cell phones, and be discrete if you need to leave the session early. Please avoid side conversations if possible, but texting each other is OK. In Fact, feel free to tweet about this session to make your friends at home envious that they missed out on your Monday adventures in Grantville PA.Questions will be answered at the end of each section. I say this because often someone will have a question that we were just about to discuss. For Example, before we move on from architecture to installation, we will ask if anyone has any questions.
Here are some required slides on La Salle University. We are a Catholic University founded by the Christian Brothers in Philadelphia in 1863.We have three campuses in the Philadelphia area: North East Philadelphia, Bucks County and Montgomery CountySome recent expansion projects includeThe acquisition of Germantown Hospital for the School of Nursing and Health SciencesThe expansion of Roland Holroyd Science Center to include environmentally friendly laboratories, classrooms, and lounges
The University has a student body of 7,500 students. Enrollment has grown 16 percent in the past 10 years, with a diverse population of students coming from 44 states and 27 foreign countries.Two-thirds of undergraduates live on campus
This morning, we are going to take you through some of our experiences with getting Luminis 5 off the ground. Pat will get us started and discuss our network architecture, installation, configuration, and tuning. We will stop and ask for questions before moving onto Banner Integration, SSO Manager and Event Processing. We will pause for questions again before moving on to how we migrated our users from Luminis 4 to Luminis 5, then provide some details on our load balancing environment and conclude with our overall experience of this adventure.Sound Good? GreatPat O’Gorman will start us off with Architecture.
In moving forward with Luminis 5, we decided to re sync portal accounts back up with Banner. With Luminis 4, we only had accounts pushed from banner during the initial creation, but managed separately in the luminis LDAP after that. This was because of the PIN length restrictions prior to Banner 8. We were limited to 6 character Pins. We wanted a more secure password due to the single sign on capabilities from the portal into email and blackboard. A six charactaer password was not good enough. Now that Banner 8 has more robust password management, we are comfortable with syncing them back up. The downside to this is that most users did not know what their self service PIN is. We had a major task on our hands. Do we generate new passwords and mail home account letters? Is there a way to let users create their own PW? How do we communicate this change? FERPA prevents us from emailing passwords. Mass Caos was doomed to occur. Or was it?
In moving forward with Luminis 5, we decided to re sync portal accounts back up with Banner. With Luminis 4, we only had accounts pushed from banner during the initial creation, but managed separately in the luminis LDAP after that. This was because of the PIN length restrictions prior to Banner 8. We were limited to 6 character Pins. We wanted a more secure password due to the single sign on capabilities from the portal into email and blackboard. A six charactaer password was not good enough. Now that Banner 8 has more robust password management, we are comfortable with syncing them back up. The downside to this is that most users did not know what their self service PIN is. We had a major task on our hands. Do we generate new passwords and mail home account letters? Is there a way to let users create their own PW? How do we communicate this change? FERPA prevents us from emailing passwords. Mass Chaos was doomed to occur. Or was it?
During a brainstorming event at the conference room table, we came up with a solution that would allow users to gradually migrate to the new system. I will go into details on that in a minute. First let me explain how we presented the solution the end users. About a month before launch, on our old portal, we created a portlet on the main page that the announced the new portal was live in beta, and to ‘Click Here’ to register their account. Once they registered, they were redirected to the new ‘portal.lasalle.edu’ to try it out. Once we were confident the user migration process was successful, we then forced ‘my.lasalle.edu’ to go directly to the new Luminis 5 portal. Users that had issues migrating could still go to ‘inside.lasalle.edu’ to access the old portal and not lose access to portal functions such as SSO to email and blackboard while their account was troubleshooted.What you see above is the login page for our luminis 5 portal. We created a button that would walk the users through the migration process. Once they migrated, they would login below using the regular login box. So lets take a look at our custom migration process….
When users clicked the New User button, they were presented with a lightbox popup that explained the steps they were about to take to set up their accounts.
The first step is to login to a login box that resembled our old portal login. This validated them against luminis 4 CAS
…and allowed us to deep link them to a self service banner page that we customized. P_ChangePin is the change pin page in self service banner. When a user updates their PIN in SSB, their new password is fired over into the new portal. This page was framed in a lightbox to make the experience seem seamless.
Next they updated their password reset questions, just like they would in self service banner.
After successfully setting their new account information, we make them watch a brief video on the new portal. This bought us enough time to make sure their account fired over from Banner into Luminis 5. in 95% of the time if they watched the video, by the end of it they were able to log in (step 4) Next
For those that are interested in how we customized Luminis 5 to make it the awesome portal it is today, you can stay for our next session: Luminis 5 add filling and decorate. We will discuss:Theme developmentDeep linking to SSBSSO to Live@EduDeep linking to BlackboardPortal Content SystemChat