Microservices in The Brightspace Cloud

Microservices
in the Brightspace Cloud

Microservices in the Brightspace Cloud
Contents

Contents
ABOUT MICROSERVICES IN THE BRIGHTSPACE CLOUD .................................................................................... 5
MICROSERVICES AND ON-PREMISE CLIENTS ................................................................................................... 6
MICROSERVICES AND DATA ............................................................................................................................ 6
MICROSERVICES ARCHITECTURE ..................................................................................................................... 7
OVERVIEW OF RELEASED MICROSERVICES ...................................................................................................... 8
Authentication Service ...................................................................................................................................... 10
Brightspace Assignment Grader Transcoding Service ....................................................................................... 11
Brightspace Binder Data Store .......................................................................................................................... 12
Caliper Gateway Service .................................................................................................................................... 13
Dates Service ..................................................................................................................................................... 14
Distributed Event Framework Service ............................................................................................................... 16
EduDentity Authentication Service ................................................................................................................... 18
Feed Service ...................................................................................................................................................... 19
Hypermedia Proxy Service ................................................................................................................................ 22
Landlord Service ................................................................................................................................................ 23
LMS Discovery Service ....................................................................................................................................... 25
User Info Service ............................................................................................................................................... 27
MICROSERVICES AND THE BRIGHTSPACE DATA PLATFORM ........................................................................... 28
ABOUT D2L .................................................................................................................................................... 30

2016 by D2L Corporation. All rights reserved. 2

Document Change History

This version of the document replaces all previous versions. The following table describes the most recent changes to
this document.
Revision Date Summary of Changes
June 2, 2016 Renamed the Activity Sequence Service to

Hypermedia Proxy Service.
Updated the topic Overview of released

microservices and updated the microservices
architecture diagram.
Added topics: Brightspace Assignment Grader

Transcoding Service, Brightspace Binder Data Store,
and EduDentity Authentication Service.
May 5, 2016 Updated topic Feed Service - added reference to the

Content as instant notifications have been enabled
through the Feed Service when content overview is
created or updated.
Updated section Microservices and the Brightspace

Data Platform to illustrate the data being
transmitted.
March 11, 2016 Renamed "How microservices work with the

Brightspace Data Platform" section to
"Microservices and the Brightspace Data Platform".
Added a "Microservices and data" section.
Updated information about data transmission and

storage in the following sections: "Caliper Gateway
Service", "Distributed Event Framework", and
"Microservices and the Brightspace Data Platform".

March 3, 2016 Added the Hypermedia Proxy Service topic.
Updated images and related content to show User

Info Service dependency.
Added the "Caliper Gateway Service" and "How

microservices work with the Brightspace Data
Platform" sections.
Updated the "Distributed Event Framework Service"

section to indicate how it interacts with the
Brightspace Data Platform.
February 4, 2016 Updated the "User Info Service" section to indicate

that personalized course names are stored in the
service
January 6, 2016 Added a note to the "Feed Service" section to

indicate the type of course information that is no
longer transmitted through the Feed Service
December 3, 2015 Added the User Info Service
Provided clarification on Auth tokens, device ID,

end-user dates, and what the Feed Service stores
November 5, 2015 Updated data transmission and encryption

information in "Dates Service" and "Feed Service"
sections
October 1, 2015 Update to indicate that Authentication Service is on

by default
September 3, 2015 Added proxy server support for the Authentication

Service and clarified dependencies in the
Microservices architecture diagram
August 6, 2015 Initial Release

About microservices in the Brightspace Cloud
About microservices in the Brightspace Cloud

As the Brightspace platform continues to improve and evolve, some of its functionality is now delivered using a pattern
known as Microservice Architecture. This architecture involves separating software otherwise bundled together into
independent and lightweight components (microservices or simply known as services) that communicate across a
network (typically, via https) rather than being bundled directly together. The location of each microservice in the
Brightspace Cloud is based on many factors including expected usage patterns, availability, resiliency, and
dependencies on other microservices. As a result, some microservices reside in D2L data centers or Amazon Web
Services (AWS). For the most part, the locations of microservices have no end-user impact on how the Brightspace
platform is used. Some Brightspace products also use microservices that store data outside of D2L data centers. For
example, the Brightspace Data Platform uses AWS for data storage and the Dates Service uses IBM Cloudant for
database storage. If applicable, data storage considerations are covered as part of the D2L master agreement (MA)
and/or amendments.
Development and operations teams at D2L experience many of the direct benefits of microservices, but that change
and renewal also lets us further improve experiences and functionality for our users. These benefits flow from one key
idea: narrowly focused system components that exchange functional services with other components via well-defined
network API boundaries.
The narrowly focused and separated components give our teams the option to employ a variety of technologies and
scalability strategies, rather than settling for those intended for combined application. For example, the Brightspace
Data Platform takes advantage of the distributed processing provided by Apache Hadoop clusters when performing
its aggregation and analysis. This technique would not be relevant to other Brightspace product areas such as
discussion posts.
Additionally, the separation also helps our teams effectively and quickly adapt to new technologies and approaches as
they become available. For example, we have been able to create new user interfaces that leverage specialized
web-side user interface frameworks and interact directly with microservices. This flexibility allows our teams to develop
and refine new workflows for our users using the most effective technology.
Our test-focused staff also can make effective use of this architectural change because they can take advantage of
alternatives around testing microservices that emerge because of the formal service boundaries. Our Brightspace
Valence developer community can also take advantage of these boundaries, because each of them naturally becomes
an API candidate for users looking to develop custom workflows or tools that integrate into the Brightspace platform.
The implementation of microservices and the coordination of development and operations teams has enriched D2L's
approach to network infrastructure and deepened our expertise in a variety of more specialized technology platforms.

Microservices and on-premise clients
Microservices and on-premise clients

On-premise clients access the same D2L microservices in AWS as hosted clients, but they access them through their
on-premise Brightspace instances. D2L microservices in AWS do not require any installation. D2L microservices in AWS
cannot be hosted in on-premise environments.
To access certain features in Brightspace platform 10.6, on-premise clients must agree to permit access to centrally
hosted microservices. For example, the Landlord Service and Authentication Service are required for accessing
Brightspace Insights and Brightspace Pulse. Specifics on how to do this depend on how each client's environment is
configured. For example, a client may have specific firewall restrictions that their IT department must adjust to permit
traffic to D2L microservices in AWS.
Health checks that report on the availability of D2L microservices in AWS are monitored by D2L and are not available to
on-premise clients.
Microservices and data

Depending on its function, transmission and storage of data is a consideration for microservices. The location of each
data store is based on many factors, including the location of the microservice itself, security of the data, availability of
the data, and dependencies on other microservices. D2L works with customers in many regions, jurisdictions, and
markets with different needs and requirements around data privacy. We provide information on the data that is
transmitted and stored for each microservice, allowing organizations to review it as needed.

Microservices architecture
Microservices architecture
The following architecture diagram displays current D2L microservices, their deployment locations in the Brightspace
Cloud, and the dependencies among them with new Brightspace products and other microservices. For detailed
information, refer to the sections for individual microservices in this guide.
Figure 1: An overview of microservices in the Brightspace Cloud

Overview of released microservices

Microservice Name Role Released In Instance Location Depends On Depended On By
Landlord Service Provides each 10.5.0 1 global AWS n/a Authentication

Brightspace instance instance Service
with a TenantId, a
Distributed Event
permanent globally
Framework Service
unique identifier.
Brightspace
Insights
Brightspace Data
Platform
Authentication Provides user and 10.5.0 1 global AWS Landlord Service Brightspace Pulse
Service service-level instance
Brightspace
authentication and
Insights
authorization via the
OAuth2 protocol. Brightspace Data
Platform
Caliper Gateway
Dates Service Provides an API for 10.5.1 1 global cluster AWS Landlord Service Brightspace Pulse
learners' personal
Authentication
dates. Currently, only
Service
used by Brightspace
Pulse. User Info Service
Feed Service Provides an API for 10.5.0 1 global cluster AWS Landlord Service Brightspace Pulse
learner updates to
Authentication
Announcements and
Service
Grades tools.
Currently, only used User Info Service
by Brightspace Pulse.
LMS Discovery Provides a list of 10.5.1 1 global AWS none Brightspace Pulse
Service Brightspace instances instance
so app users (i.e.
Brightspace Pulse)
don't need to know
their instance URL.

Distributed Event Provides awareness Available to 1 instance per D2L Data Landlord Service Brightspace Data
Framework Service of Brightspace clients on Data Center Center Platform
Learning 10.4+
Environment events
for other Brightspace
services such as
Brightspace Insights.
Caliper Gateway Provides an API for TBD 1 global AWS Authentication Brightspace Data
Service 3rd-party tools to instance Service Platform
send events to the
Brightspace Data
Platform.
User Info Service Provides storage of 10.5.5 1 global AWS none Brightspace Pulse
user preferences and instance
Dates Service
filters user
information between Feed Service
Brightspace Pulse
and Brightspace
Learning
Environment.
Hypermedia Proxy Acts as a proxy or 10.5.7 1 global AWS Landlord Service Brightspace
Service mediator to learning instance platform
Authentication
paths within
Service
Brightspace platform.
Brightspace Converts files from Pre 10.3 1 global Azure (West EduDentity Brightspace
Assignment Grader one format to instance US) Authentication Assignment Grader
Transcoding Service another for Service
Brightspace
Assignment Grader
to consume.

Brightspace Binder Not a service but a Pre 10.3 1 global cluster Azure n/a Brightspace Pulse
Data Store storage area for (South
Binder documents. Central US,
West US)
EduDentity Stores, manages, and Pre 10.3 1 global Azure n/a Brightspace Binder
Authentication authenticates users instance (South Data Store
Service independent of Central US,
Brightspace Learning West US)
Environment.
Authentication Service
The Authentication Service (or Auth) is an OAuth 2.0 security token microservice. Its primary responsibility is to issue
security tokens to authorized clients (software applications, including free-range apps) to enable them to interact with
D2L microservices.
By design, the Authentication Service, on which Brightspace Pulse is dependent, does not support self-signed, expired,
or invalid certificates. Organizations using any of these will not be able to use Brightspace Pulse.
The Authentication Service is enabled by default. As a result, Brightspace features or products that depend on the
Authentication Service, such as Brightspace Pulse, can be accessed. Currently, all features or products that depend on
the Authentication Service are turned off by default. If those features or products are enabled, it is possible for data to
flow into them.
Location
A globally accessible D2L microservice that resides in AWS.
Dependencies
Depends on the Landlord Service. Before using the Authentication Service, on-premise clients must register their
org with the Landlord Service.
Depended on by multiple microservices, Brightspace Pulse, and Brightspace Insights.
Data Stored
The Authentication Service stores the URLs of authorized clients (software applications, including free-range apps) and
provisions access tokens for these clients for service-to-service authentication used by Brightspace products. It stores

the userId as part of the context for user authentication - for example, when authenticating a user of the data API for
the Brightspace Data Platform.
Using a proxy server with the Authentication Service for on-premise clients
The Authentication Service supports proxy servers. This allows on-premise clients that use proxy servers to take
advantage of Brightspace products that depend on the Authentication Service such as Brightspace Pulse.
For on-premise clients using a proxy server, allow outbound traffic from Brightspace Learning Environment to
https://auth.brightspace.com.
Important: You must specify the host name (not the IP address) and port 443.
How the Service Works

The Authentication Service facilitates service-level and user-level authentication and authorization. The following
example summarizes user-level authentication and authorization.
1. A learner navigates to a tool that depends on the Authentication Service.
2. The Learning Management System (LMS) contacts the Authentication Service, provisions an Auth token (JSON Web
Token) for the learner, and provides the Auth token to the tool/application.
3. While using the tool, JavaScript running in the learners browser can call secured D2L microservices directly,
providing the Auth token during each request.
4. Microservices extract and authenticate the Auth token, then ensure that the caller is authorized to perform the
requested operation before proceeding.
In this way, the learners browser is less tightly coupled to the LMS, which improves performance and robustness, and
facilitates the development of new Brightspace features.
Brightspace Assignment Grader Transcoding Service

Description
The Brightspace Assignment Grader Transcoding Service converts documents from a given format into a format that
can be read by Brightspace Assignment Grader. Brightspace Assignment Grader requires this functionality to support
annotating files submitted by learners for grading.
Location
One global instance in Microsoft Azure West US.
Dependencies
Depends on EduDentity Authentication Service.
Depended on by Brightspace Assignment Grader.
Data Transmitted/Stored
Data is cached for five days, after which is it is automatically deleted. There is no long term storage.

A programmatic identifier for the user such as User ID = 123.
The converted file and the identified file type.

1. Brightspace Assignment Grader submits a file to the service.
2. The service converts the file and returns a link.
3. The file and associated data is deleted five days after the request is made.
Brightspace Binder Data Store

Description
The Brightspace Binder Data Store contains Binder documents on behalf of a user. It is not a microservice, but is a
centralized repository that is used by Brightspace Binder.
Location
One global instance in Microsoft Azure South Central US and West US.
Dependencies
Depended on by Brightspace Binder.
Files related to the user, including tags, annotations, and metadata.

1. Brightspace Binder submits documents for storage in the Brightspace Binder data store.
2. At a later point in time, Brightspace Binder requests a document on behalf of a user.
3. An authentication check happens for the user.
4. The requested document is retrieved.

Caliper Gateway Service

Description
The Caliper Gateway Service allows 3rd-party tools implementing the Caliper Analytics 1.0 Standard to send events to
the Brightspace Data Platform for storage and aggregation.
Location
One global instance in AWS.
Dependencies
Depends on the Authentication Service.
Depended on by the Brightspace Data Platform.
The Caliper Gateway Service does not store any client data. The service transmits data in the form of events, from a 3rd
party tool to the Brightspace Data Platform. The Caliper Gateway Service uses the HTTPS networking protocol. While in
transit, all events are encrypted. The events that are transmitted contain programmatic identifiers for the user, the
context of the event, and the type of the event. For example:
A programmatic identifier for courses such as Course ID = 987.
Events such as logins, tool access, and content visits are identified by the programmatic identifier for the user.

1. A learner performs an action in a 3rd-party tool which triggers events.
2. The 3rd-party tool sends events to the Caliper Gateway Service.
3. The Caliper Gateway Service sends events to the Brightspace Data Platform.

Figure 2: How the Caliper Gateway sends events to the Brightspace Data Platform
Dates Service
Description
The Dates Service provides an API for learner dates, for example, Brightspace Pulse uses the Dates Service to provide
details on assignment due dates and scheduled exams.
Location
A global cluster that resides in AWS. The Dates Service Database resides in IBM Cloudant.
Dependencies
Depends on the Authentication Service and Landlord Service, and User Info Service.
Depended on by Brightspace Pulse.

To communicate, devices and microservices use the HTTPS networking protocol. While in transit, all data is encrypted;
however, data at rest is not encrypted.
The userID in data is a composite key along with the course offering ID; it is not a universally accepted global ID for the
user. The user ID cannot be linked to a user's name or identity. In the database, user IDs appear as a series of repeated
numbers.
Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity
of a specific user. For example, the user ID may be used to report on how many users have an average of three or more
dates per month. D2L would not use the data to report on how many times John Smith looks at his deadlines. D2L
retains the data as long as required to generate reports based on general user data. The reports are subject to change
at D2Ls discretion and client-specific data is subject to the terms specified in the MA, including data retention past
contract termination.
Dates Service Database Data Scope Retention Policy
Calendar Course offering ID (key), All course offerings for all Not stored
title, description, date, type instances at a given data
(test, assignment) center
Grades (Weights and Course offering, grade item All course offerings for all Not stored
point values) instances at a given data
center
End-user personal date Title, description, date, User As long as required for
grade weight, type (test, analytical purposes
Note: End-user personal
assignment)
dates are created by
end-users (midterms,
assignments, etc.); the
information doesn't
currently exist in the
LMS. However, after
creation, the dates
persist between devices.

1. When a learner uses Brightspace Pulse, an API request is made to retrieve date information, for example,
scheduled exams.
2. The request is forwarded to the Dates Service.
3. If the data is stored in Brightspace Learning Environment, the data is retrieved using the Valence API. If the data is
not stored in Brightspace Learning Environment, the data is retrieved from the Dates Service database.
4. The date information is then sent to the device.

Figure 3: How the Dates Service works when accessing dates from Brightspace Pulse
Distributed Event Framework Service

Description
The Distributed Event Framework Service provides awareness of Brightspace Learning Environment events for other
products such as Brightspace Insights.
Location
One instance per Data Center.
Note D2L is evaluating a solution that will provide Brightspace Insights in the cloud for on-premise Brightspace
implementations. As such, the Distributed Event Framework Service is currently only available in D2L Data Centers.
Dependencies
Depends on the Landlord Service.
Depended on by the Brightspace Data Platform.
Data Stored
The Distributed Event Framework Service transmits and stores data in the form of events. The Distributed Event
Framework Service uses the Advanced Message Queuing Protocol (AMQP) with encryption. While in transit, all events
are encrypted. The events that are transmitted contain programmatic identifiers for the user, the context of the event,
and the type of the event. For example:
Events such as logins, tool access, and content visits are identified by the programmatic identifier for the user.

Events are stored in the Data Center and transmitted to services such as the Brightspace Data Platform (located in
AWS).

The following example illustrates how the Distributed Event Framework Service works with Brightspace Insights.
1. User events are generated in Brightspace Learning Environment.
2. These events are then stored in the Main DB split.
3. The Telegraph Service pulls batches of events from the Main DB split and prepares to publish them to the
Distributed Event Framework Service.
4. Before publishing events, the Telegraph Service must attach a TenantId to each event. It first looks for the TenantId
in the Memcache (where a cached copy of the TenantId may be stored). If the TenantId is not there, it requests it
from the Landlord Service.
5. The Landlord Service returns the unique TenantID to the Telegraph Service, which attaches the TenantId to each
event and then publishes the events to the Distributed Event Framework Service.
6. The Distributed Event Framework Service processes the events for usage by other products/services. For example,
the Distributed Event Framework Service streams events to the Brightspace Data Platform.
Figure 4: How the Distributed Event Framework Service works with Brightspace Insights

EduDentity Authentication Service

Description
The EduDentity Authentication Service allows users to verify their identity, similar to the login process in Brightspace
Learning Environment. This service is independent of any particular instance of Brightspace Learning Environment,
allowing users to log in even if they are not associated with any particular organization. This service is used with
products where users may not need to have any affiliation to a specific institution or implementation of Brightspace
Learning Environment, such as Brightspace Binder.
Location
One global instance in Microsoft Azure South Central US and West US.
Dependencies
Depended on by Brightspace Assignment Grader Transcoding Service.
Depended on by Brightspace Binder system, including the Brightspace Binder Data Store, Content Publishing
Service (CPS), Binder Store, and Binder apps.
Depended on by MyDesire2Learn.
Depended on by Open Courses.
For each user registered in the system:
A hash of the password (but not the password itself to prevent decryption).
A security question and three hashes for the answers (but not the answers themselves to prevent decryption).
Email address.
First name, last name, and display name.
The date the user was created.
Whether or not the user has been verified and the deadline for verification.
Whether or not the user is currently active and the date of deactivation (if applicable).
The last successful login date, the number of failed login attempts, and the date the user was locked out (if
applicable).
Whether or not this is a dummy user and an expiry date (if applicable).

1. A separate solution verifies the credentials of a user with the service. The service authenticates the user and passes
the results back to the calling solution.

2. Alternatively, a separate solution requests the security question of the service. The response is checked against the
stored hashes.
Feed Service
Description
The Feed Service provides an API for learner updates to the Announcements, Grades, and Content tools. It sends user
notifications (the ones that appear in the minibar in Brightspace Learning Environment) to the Apple Push Notification
Service (APNS) and Google Cloud Messaging (GCM) for use by the Apple iOS and Google Android platforms,
respectively.
Note When users log in with Brightspace Pulse, data starts collecting automatically. To prevent data collection while
you are evaluating this product for your environment, disable the Feed Service.
Location
A global cluster that resides in AWS. The Feed Service Database resides in IBM Cloudant.
Dependencies

The Feed Service stores Announcements notifications that are pushed from the LMS as they happen (in the LMS) for
Brightspace Pulse users. This service itself does not return to the LMS to retrieve historical data.
To communicate, devices and microservices use the HTTPS networking protocol. While in transit, all data is encrypted;
however, data at rest is not encrypted.
The user ID in data is a composite key along with the course offering ID; it is not a universally accepted global ID for the
user. The user ID cannot be linked to a user's name or identity. In the database, user IDs appear as a series of repeated
numbers.
Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity
of a specific user. For example, the user ID may be used to report on how many users have an average of three or more
dates per month. D2L would not use the data to report on how many times John Smith looks at his deadlines. D2L
retains the data as long as required to generate reports based on general user data. The reports are subject to change
at D2Ls discretion and client-specific data is subject to the terms specified in the MA, including data retention past
contract termination.
Feed Service Database Data Scope Retention Policy
Grades Event: Released Course offering ID (key), All users for all course As long as required for
Grade user ID (key), grade offerings for all instances analytical purposes
value globally
Grades Event: Updated Course offering ID (key), All users for all course As long as required for
Grade user ID (key), grade offerings for all instances analytical purposes
value globally
Announcements Event: Course offering ID (key), All course offerings for all As long as required for
New Announcements title, description, posted instances globally analytical purposes
Item date
Announcements Event: Course offering ID (key), All course offerings for all As long as required for
Updated title, description, posted instances globally analytical purposes
Announcements Item date
User/Device Mapping User ID (key), Device ID All devices for all users As long as required for
(key) globally analytical purposes
Note: The Device ID is an

identifier supplied by
Apple/Google servers so
Brightspace can send
push notifications to the
user's device.

Note The Feed Service does not transmit information from courses with an End Date that has passed or that have the Is
Active setting disabled.

1. When a learner uses Brightspace Pulse for the first time, their device is registered and a unique Device ID is
assigned.
2. In Brightspace Learning Environment, events are generated that need to be sent to the Feed Service as push
notifications, for example, an exam grade.
3. The event is stored in the Feed Service database.
4. The D2L Mobile Push Notification Service looks up the Device ID in the Mobile Push Notification Service Database
to determine who the intended recipient is.
5. The D2L Mobile Push Notification Service sends the Device ID to the third party Push Notification Service (i.e.
Apple, Google), which retrieves the event directly.
6. The 3rd party Push Notification Service sends a push notification to the device. No data is sent with the request,
only a notice that information is available such as an exam grade.
Figure 5: How the Brightspace Feed Service works when receiving notifications in Brightspace Pulse

Hypermedia Proxy Service

Description
The Hypermedia Proxy Service acts as a proxy or mediator to learning paths within Brightspace platform.
Connections from the Hypermedia Proxy Service to Brightspace Learning Environment are made through the
Brightspace Valence API.
Location
A global cluster that resides in AWS.
Dependencies
Landlord Service - If unavailable, this service will also be unavailable.
Depended on by Brightspace platform:
Activity Sequence Viewer
No data is stored alongside this service. The data passed through this service is:
OrgUnitId
For content modules and topics:
ID
Parent ID, child IDs, sibling IDs
Name
Completion state
Entity data representing files, links, LTI activity launch information, etc. Specifics depend on the entity type
and are dictated by Brightspace Learning Environment.

Landlord Service
Description
The Landlord Service is a global microservice that supports multi-tenancy and Service Oriented Architecture
(SOA)-based solutions. It provides each Brightspace instance with a TenantId, a permanent globally unique identifier.
Note If a Brightspace instance cannot connect to the Landlord Service, a unique TenantId is not assigned and any
features that require a TenantId are unavailable. Users receive a message that their organization's system is not set up.
Location
A global instance that resides in AWS.
Dependencies
Depended on by:
Distributed Event Framework Service
Authentication Service
Brightspace Insights
Brightspace Data Platform
Brightspace Pulse
Data Stored
The TenantId.
The primary domain as well as any aliases of your Brightspace instance.
The main database split server as configured in the instance.config file and the database name.
API Calls
Landlord allows the following public read-only API calls:
Given primary domain, database server name, and database, retrieve a TenantId. All three values are required to
get a TenantId.
Given a TenantId, retrieve the primary domain.
Provisioning a TenantId (on-premise clients only)

If you do not have a TenantId, submit a ticket to D2L Support requesting a TenantId with the following information for
each of your sites:
the Brightspace site
the DNS CNAME, where the value is the database server name
name of the main database split

Important The DNS CNAME and name of the main database split must match the
corresponding information in the instance.config file. The easiest method for providing this
information to D2L Support is to copy the connection string element from instance.config for
the main database split (excluding the password). For example:
<connectionString value="Data Source=MYSQLServer;Initial Catalog=D2L_Main;..." />
Having your TenantID provisioned using a DNS CNAME instead of a host name ensures that if you need to make an
unplanned change to your database server, applications that rely on the TenantId are unaffected. For example, if your
site fails over to a mirror database, you update the CNAME value to the new host name. In this situation, no changes to
the TenantID are required. For example, Name: LVUDB, Type: CNAME, and Value: winsql01.lvu.com.
Confirming that a TenantId has been provided (on-premise clients only)

As of 10.5.0, on-premise clients can check the ORG_ORGANIZATIONS table in their main database split to see if the
TenantIdCachedForQueryString and CachedTenantId columns are populated for their org. If they are not populated,
then Brightspace is unable to get the TenantId from the Landlord Service, meaning the TenantId is not provisioned yet
or Brightspace cannot connect to the Landlord Service. The System Error Log should include a message that describes
the issue.
Configuring Brightspace for the Landlord Service (on-premise clients only)

If your institution's firewall configuration does not allow outbound traffic, you must use one of the following methods
to establish an outgoing HTTPS connection to https://landlord.brightspace.com (https://landlord.brightspace.com):
Add a firewall rule to allow outbound connections (port 80 and port 443) from all web and scalable servers to
https://landlord.brightspace.com (https://landlord.brightspace.com).
Configure a proxy server on the network by setting up the following configuration variables:
d2l.System.Infrastructure.ProxyAddress - The address of the proxy server. It normally takes the form
http://myproxy:8080/ or https://myproxy:8080/ where myproxy is the host name or IP address and 8080 is the
port. d2l.System.Infrastructure.ProxyBypassAddresses - Addresses or address patterns that should not go through
the proxy server. Address patterns take the form scheme://hostname:port/path where scheme is either http or
https; hostname can be set as a * wildcard; port can be a specific number or a * wildcard to apply to all port
numbers; and path is optional and can also contain a * wildcard.
Changes to TenantID values (on-premise clients only)

Features that require the Landlord Service could experience problems if the primary domain of the Brightspace site, the
database server name, or name of the main database split changes.
If you need to change the primary domain of your Brightspace site, the database server name, or the name of the main
database split, contact your D2L Technical Account Manager.

LMS Discovery Service

Description
The LMS Discovery Service provides a list of LMSs so users don't need to know their Brightspace instance URL. For
example, when a learner uses Brightspace Pulse, they need to connect the app to a specific Brightspace instance.
However, the learner may only know the name of the school and not the Brightspace instance URL. The LMS Discovery
Service allows learners to enter the school name and the service provides them with the applicable Brightspace
instance URL.
Location
A service that resides in AWS.
Dependencies
Data Stored
Institution names (currently only Higher Education, US/Canada)
Brightspace instance name and URL, if applicable (non-D2L institution names are also stored)
Approximate location of the institution (ZIP/postal code approximation)

1. From a device, a learner launches Brightspace Pulse for the first time and enters the name of their school.
Brightspace Pulse contacts the LMS Discovery Service, which retrieves the Brightspace instance URL used by the
school.
2. After entering the URL in Brightspace Pulse, the learner logs in, authenticating directly with the schools
Brightspace instance.

Figure 6: How the LMS Discovery Service works with Brightspace Pulse

User Info Service

Description
To enhance the performance and scalability of microservices that support Brightspace Pulse, the User Info Service acts
as a proxy microservice responsible for:
Modifying or filtering user information between Brightspace Pulse and other sources of information (currently,
Brightspace Learning Environment only).
Storing user preferences for Brightspace Pulse.
By default, the User Info Service is turned on and cannot be disabled.
Connections from the User Info Service to Brightspace Learning Environment are made through the Brightspace
Valence API. To allow connections from the User Info Service to Brightspace Learning Environment, on-premise clients
must ensure that the Brightspace Valence API is publicly accessible.
Location
A global cluster that resides in AWS. The User Info Service Database resides in IBM Cloudant.
Dependencies
No dependencies on other microservices.
The User Info Service stores the following user data for course offering enrollments in a User Info Service database in
IBM Cloudant:
Composite key of tenantId and userId
orgUnitId
Org unit name
Org unit code
Org unit type
Color (Brightspace Pulse only)
Active flag (Brightspace Pulse only - was returned in previous enrollments, but is no longer returned)
Customized course names (edited in Brightspace Pulse)

Microservices and the Brightspace Data Platform

Description
The Brightspace Data Platform is D2Ls analytics solution. The Brightspace Data Platform stores raw events, and
computes and stores aggregated data which can be accessed through an API.
Location
A cluster of nodes in AWS regions, influenced by our client base. D2L works with customers in many regions,
jurisdictions, and markets with different needs and requirements for data privacy and residency.
Dependencies
Depends on the Distributed Event Framework Service.
Depends on the Caliper Gateway Service.
Depends on the Landlord Service.
Depended on by Brightspace Insights.
The Brightspace Data Platform stores and transmits analytics events and aggregated data. Events provide information
about actions performed by the user. For example, a content visit event is triggered when a user opens a content topic.
These events are aggregated across meaningful dimensions, for example, course access by all students in a course. The
aggregated data can be transmitted via the Data API, for example, to a Brightspace Insights report.
Events contain programmatic identifiers for the user, the context of the event, and the type of the event. For example:
A programmatic identifier for the event type such as Login = 4545.
Stored data is encrypted with unique keys generated by D2L and are unique to each region. The data is stored on
encrypted volumes to guard against back-end services being compromised. When transmitting data, the Brightspace
Data Platform uses the HTTPS networking protocol. While in transit, all events are encrypted. Data access is restricted
on a per-customer basis using the TenantID of the originating Brightspace instance. API access is governed by user and
system-level permissions.

1. User events are generated in Brightspace Learning Environment. For example, when a user logs in to the system, a
Login Event is generated.
2. The Distributed Event Framework Service sends events to the Brightspace Data Platform.
3. Events are stored in Brightspace Data Platform (BDP) Storage.

4. The Brightspace Data Platform aggregates data, and stores the aggregated data in BDP Storage. For example, Login
Events could be aggregated along hourly, daily, and weekly dimensions.
5. Aggregated data is sent to Brightspace Learning Environment in response to API requests. For example, API
requests could be used to generate a report showing the Login Events generated for learners in a course.
Figure 7: How microservices work with the Brightspace Data Platform

About D2L
About D2L
A global leader in EdTech, D2L is the creator of Brightspace, the worlds first integrated learning platform.
The company partners with thought-leading organizations to improve learning through data-driven technology that
helps deliver a personalized experience to every learner, regardless of geography or ability. D2Ls open and extensible
platform is used by more than 1,100 clients and almost 15 million individual learners in higher education, K12,
healthcare, government, and the enterprise sectorincluding Fortune 1000 companies.
The company has operations in the United States, Canada, Europe, Australia, Brazil, and Singapore.
www.brightspace.com (http://www.brightspace.com) | www.D2L.com (http://www.d2l.com)
Contact Us
Phone: 1.519.772.0325 (Worldwide)
Toll Free: 1.888.772.0325 (North America)
0.808.234.4235 (United Kingdom and Europe)
0.800.452.069 (New Zealand)
1.800.656.210 (Australia)
0.800.891.4507 (Brazil)
Fax: 1.519.772.0324
Email: info@brightspace.com
Twitter: @Brightspace
Web: www.brightspace.com
(http://www.brightspace.com) | www.D2L.com
(http://www.d2l.com)

2016 D2L Corporation.
The D2L family of companies includes D2L Corporation, D2L Ltd, D2L Australia Pty Ltd, D2L Europe Ltd, D2L Asia Pte Ltd, and D2L Brasil Solues de
Tecnologia para Educao Ltda.
Brightspace, D2L, and other marks ("D2L marks") are trademarks of D2L Corporation, registered in the U.S. and other countries. Please visit
d2l.com/trademarks for a list of other D2L marks.

About D2L
Amazon Web Services and AWS are trademarks, registered trademarks or trade dress of AWS in the U.S. and/or other countries.
Apache, Apache Hadoop, and Hadoop are trademarks of The Apache Software Foundation. Used with permission. No endorsement by The Apache
Software Foundation is implied by the use of these marks.
IBM and Cloudant are registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml (www.ibm.com/legal/copytrade.shtml).
All other trademarks are property of their respective trademark holders.


Microservices in The Brightspace Cloud

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microservices in The Brightspace Cloud

Uploaded by

Copyright:

Available Formats

Microservices

in the Brightspace Cloud

2016 by D2L Corporation. All rights reserved. 2

Document Change History

Revision Date Summary of Changes

June 2, 2016 Renamed the Activity Sequence Service to

Updated the topic Overview of released

Added topics: Brightspace Assignment Grader

May 5, 2016 Updated topic Feed Service - added reference to the

Updated section Microservices and the Brightspace

March 11, 2016 Renamed "How microservices work with the

Added a "Microservices and data" section.

Updated information about data transmission and

2016 by D2L Corporation. All rights reserved. 3

March 3, 2016 Added the Hypermedia Proxy Service topic.

Updated images and related content to show User

Added the "Caliper Gateway Service" and "How

Updated the "Distributed Event Framework Service"

February 4, 2016 Updated the "User Info Service" section to indicate

January 6, 2016 Added a note to the "Feed Service" section to

December 3, 2015 Added the User Info Service

Provided clarification on Auth tokens, device ID,

November 5, 2015 Updated data transmission and encryption

October 1, 2015 Update to indicate that Authentication Service is on

September 3, 2015 Added proxy server support for the Authentication

August 6, 2015 Initial Release

2016 by D2L Corporation. All rights reserved. 4

About microservices in the Brightspace Cloud

2016 by D2L Corporation. All rights reserved. 5

Microservices and on-premise clients

Microservices and data

2016 by D2L Corporation. All rights reserved. 6

Figure 1: An overview of microservices in the Brightspace Cloud

2016 by D2L Corporation. All rights reserved. 7

Overview of released microservices

Landlord Service Provides each 10.5.0 1 global AWS n/a Authentication

2016 by D2L Corporation. All rights reserved. 8

Microservice Name Role Released In Instance Location Depends On Depended On By

2016 by D2L Corporation. All rights reserved. 9

Microservice Name Role Released In Instance Location Depends On Depended On By

Depended on by multiple microservices, Brightspace Pulse, and Brightspace Insights.

2016 by D2L Corporation. All rights reserved. 10

How the Service Works

1. A learner navigates to a tool that depends on the Authentication Service.

Brightspace Assignment Grader Transcoding Service

Depended on by Brightspace Assignment Grader.

2016 by D2L Corporation. All rights reserved. 11

A programmatic identifier for the user such as User ID = 123.

The converted file and the identified file type.

How the Service Works

2. The service converts the file and returns a link.

Brightspace Binder Data Store

Files related to the user, including tags, annotations, and metadata.

How the Service Works

2. At a later point in time, Brightspace Binder requests a document on behalf of a user.

3. An authentication check happens for the user.

4. The requested document is retrieved.

2016 by D2L Corporation. All rights reserved. 12

Caliper Gateway Service

Depended on by the Brightspace Data Platform.

A programmatic identifier for the user such as User ID = 123.

A programmatic identifier for courses such as Course ID = 987.

How the Service Works