
Friday, December 11, 2009

Google Groups Created Using GADS Not Working

Just wanted to post a quick note to anyone who is using the new Google Groups features in Google Apps. If you have previously created groups in your organization or you have groups that are created automatically with Google Apps Directory Sync like we do, they are not fully functional.

There is no fix at this time, but Google has recognized it is a problem:

We are really looking forward to this new feature and hope that it is soon fixed. This will add amazing functionality to all of our classrooms when working in Google Apps.

Sunday, June 28, 2009

Interesting Thoughts From Following NECC Virtually Today

Following up on yesterday's post about following conferences virtually without being there, I figured I would share some of the things I have seen today that may be interesting to others out there doing the same thing as I am.

Here are a couple of hashtags that may be good to follow #notatnecc09 & #neccunplugged. NECC Unplugged is starting tomorrow, and is more of an unconference existing inside the main conference and will be broadcasting all their sessions through Elluminate.

Here's a live blog of Malcolm Gladwell's opening Keynote speech.

Site doing a great job of cataloging what is going on online at NECC for those of us unfortunate enough not to be there.

Like yesterday, I found some interesting quotes via Twitter I would like to share. I have left out all of the Gladwell quotes, as you should be able to find those in any of the coverage of his keynote, but here are some of the others:

#necc09 #necc #iste for that matter, as meaningful learning moves online, will classrooms be only for those too skillless to escape class? @AndrewBWatt

The illiterate of the 21st c'y are not those who can't read or write, but those who can't learn, unlearn and relearn #NECC09 @ISTEGlobal

Reading: "Utah University Lifts Ban on YouTube" Cites educational content. Shocking! If Brigham Young can do it... @willrich45

Huge indictment of investment in IWBs instead of netbooks -- teacher-centered decision, not student-centered one #CCDC09 @wsstephens

if most students soon will have data access through their own devices and schools can't filter, how will schools react? #necc09 @mhines

#necc #neccunplugged "Technology has transformed our lives except in our schools" @oysteinj

Stager said student use of computers is often superficial. After all, getting images off digital camera should be a baseline skill #CCDC09 @wsstephens

Being able to get the computer to do something that it already doesn't do is a critical life skill. #ccdc09 @lnitsche

I'll try and keep this up for the rest of the conference, but with having to go back to work tomorrow, it may make it a bit harder.

Saturday, June 27, 2009

Following Conferences Virtually Is Like Drinking From a Firehose

So this year I am unable to attend NECC or any other conferences out of state due to budget reductions occurring in our district. I was even accepted to speak again this year, but had to decline. Anyway enough of my back story.

So this year I am attempting to follow what is going on at NECC through Twitter and blogs that I currently read. And much like other in-person events I have attempted to follow virtually (WWDC & Google I/O), the amount of information coming out of these events is overwhelming.

But with that being said, I did have some free time to follow what is going on, and since the conference hasn't fully kicked off, it was possible to find some really interesting and thought provoking tweets from today that I think should really be seen by a greater audience. Here are some of those:

There shouldn't be an Acceptable Use Policy, you should have a RESPONSIBLE Use Policy. -someone at my session. @imcguy

Don't call it Social Networking, it's Educational Networking - Doug Johnson.

@ittosde @imcguy I want districts to have an Empowered Use Policy. =) You, as a student/employee, have the right to be empowered to... @mcleod

Re: web filtering... "we know some kids will drink on prom night- we don't fix it by closing down prom" ~ @mcleod

We spend so much time teaching appropriate use. We need to teach EMPOWERED use as well. @bethstill

How about if we teach CTS computer programming by having kids learn to program iTouch apps. Bet that would engage students!! @kaminskiterry

As I try and keep up on this knowledge deluge the next few days, I will try and post some of the more interesting things here Tweet about them

Thursday, May 28, 2009

Google Web Elements

Yesterday at Google I/O, their developers conference, Google debuted a new product that could help people simplify publishing of Google Apps generated content. They have created simple widgets where you fill in your information about the content, and they give you the simple JavaScript code to insert it into your own web pages, blogs, etc. A simple example is a widget they have for simply publishing presentations created in Google Apps. You can see the slides from our ACPE presentation below:

It took a grand total of about 20 seconds to paste in the url of the presentation, and then copy the javascript for inclusion in this blog post. Can't get much easier than that. You can find more information at

Monday, May 25, 2009

Upgrading our VMware Infrastructure to vSphere 4

This week VMware released their major upgrade to the VMware Infrastructure. In case you haven't seen anything about it, you can read more at There are some really cool new features in this new release, and there are also some significant performance gains that could be realized with an upgrade to vSphere 4.

Since I listen to a lot of podcasts regarding VMware and have been hearing about the release for months, I have been waiting on this upgrade for a while now. Also, since we are not quite in the production stages of our VMware implementation, I figured that an upgrade the first day that the bits are released to the public would be an acceptable risk.

I am happy to say that the upgrade went fairly well; our vCenter and ESX hosts are all upgraded, as well as the virtual machines residing on them. I am still running into some glitches with Converter Enterprise and Consolidation Manager, but those will be worked out in the next few days. The installation process is really a fairly simple one, especially if you go through the upgrade center on the VMware site and watch the videos. I had already watched them once, but I used them to follow along during my upgrade process, and everything really went well. Thanks for that VMware, maybe an idea for some other vendors out there when it comes to big releases and upgrades that all your users are facing.

Google Reader Bundles

I am not sure if this is a new feature or not, but I saw it this week, and it really seems like a handy new addition to Google Reader. They call it bundles, and you can see more here. What it is essentially is a collection of RSS feeds that you can share out to whoever you want.

There are great possibilities, especially in education, from getting people started with RSS, so create 10 feeds in a bundle that show them the information you can gain from RSS. Another one that I will be using in the next few days is creating "bundles" of feeds that I read, so that my staff can also start reading the same things I do, and we can all get on the same page as far as the information we are working off of.

Just as a sample to start working with this, I have created three bundles, and if you are so inclined, you can subscribe to them below.

Google Blogs and Information Bundle
Active Directory Blogs Bundle
Windows Server Technologies Bundle

Thursday, May 14, 2009

Greased Lightbox

As you may have noticed, some of my recent posts were a bit messed up at the bottom. I was using a Greasemonkey script called Greased Lightbox to simplify viewing pictures from websites like Digg, or Google Search Results. Unfortunately it also had the effect of adding a bunch of worthless junk to posts that I made that included pictures. This has now been remedied, and any of the posts that had this have been cleaned up. I apologize for any inconvenience.

Friday, May 8, 2009

ACPE Presentation Slides

As I promised in the presentation, here are the slides from the presentation we gave this morning. I want to thank everyone who came, as we had a really great discussion both in the session, and in the backchannel on Twitter, I think some people really got some good information. As I mentioned, if you have any questions for any of us, please get in touch, and we will be happy to help or share our experience.

Presentation Slides:

Thursday, May 7, 2009

CAS Integrations with Google Apps

As a follow up to my previous posts of setting up a Central Authentication Server in your organization, and the associated documentation, I would also like to share with you the specific setup documentation I have written for setting up Google Apps with CAS.

As in the other documentation, the changes that need to be made to XML files are displayed here as images.

  • Google Apps - Single Sign On
    • These instructions have been taken from the CAS wiki at:
    • First you need to generate public and private keys for CAS & Google to communicate. These steps should be done while in the /usr/local/tomcat/webapps/cas/WEB-INF/classes directory:
      1. root@cas:/usr/local/tomcat/webapps/cas/WEB-INF/classes# openssl genrsa -out private.key 1024
      2. root@cas:/usr/local/tomcat/webapps/cas/WEB-INF/classes# openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
      3. root@cas:/usr/local/tomcat/webapps/cas/WEB-INF/classes# openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8
      4. root@cas:/usr/local/tomcat/webapps/cas/WEB-INF/classes# openssl req -new -x509 -key private.key -out x509.pem -days 365
    • Then you must add the following for CAS to recognize the Google SAML requests. This is in WEB-INF/spring-configuration/argumentExtractors/Configuration.xml

    • The final step is to setup the Google Apps Single Sign-On information. Necessary information is below, and you will also need the x509.pem file created earlier:
      • Check Enable Single Sign-on
      • Sign-in page URL: https://yourCasServer/login
      • Sign-out page URL: http://whateverServerYouWouldLike
      • Change password URL: http://whateverServerYouWouldLike
      • Verification Certificate: This is the x509.pem file
      • Check the use a domain specific issuer box.
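
The four key-generation steps above, scripted with a consistency check (an added example, not part of the original post or the CAS wiki). It defaults to a 2048-bit key where the post uses 1024; the certificate subject /CN=cas.example.org and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate and cross-check the CAS <-> Google Apps SAML key files.
# File names follow the steps above; the 2048-bit default and the subject
# CN=cas.example.org are assumptions, not values from the post.

gen_saml_keys() {   # usage: gen_saml_keys DIR [BITS] [SUBJECT]
    dir=$1; bits=${2:-2048}; subj=${3:-/CN=cas.example.org}
    (
        umask 077                   # key material readable by the owner only
        cd "$dir" || exit 1
        openssl genrsa -out private.key "$bits" 2>/dev/null &&
        openssl rsa -pubout -in private.key -out public.key \
            -inform PEM -outform DER 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
            -in private.key -out private.p8 &&
        openssl req -new -x509 -key private.key -out x509.pem \
            -days 365 -subj "$subj"
    )
}

# Write the DER SubjectPublicKeyInfo carried by one artifact to stdout.
spki_of() {   # usage: spki_of KIND FILE
    case $1 in
        pem-key) openssl pkey -in "$2" -pubout -outform DER ;;
        p8-der)  openssl pkey -inform DER -in "$2" -pubout -outform DER ;;
        cert)    openssl x509 -in "$2" -noout -pubkey |
                     openssl pkey -pubin -outform DER ;;
    esac 2>/dev/null
}

check_saml_keys() {   # usage: check_saml_keys DIR ; returns 0 only if every check passes
    dir=$1; rc=0
    # 1. CAS signs with private.p8 and Google verifies with x509.pem:
    #    every file must carry the same public key as public.key.
    for pair in pem-key:private.key p8-der:private.p8 cert:x509.pem; do
        kind=${pair%%:*}; file=${pair#*:}
        if ! spki_of "$kind" "$dir/$file" | cmp -s - "$dir/public.key"; then
            echo "MISMATCH: $file does not carry the key in public.key" >&2; rc=1
        fi
    done
    # 2. Private keys must not be accessible to group or other
    #    (characters 5-10 of the ls -l mode string).
    for file in private.key private.p8; do
        if [ "$(ls -ld "$dir/$file" 2>/dev/null | cut -c5-10)" != "------" ]; then
            echo "PERMS: $file is accessible to group or other" >&2; rc=1
        fi
    done
    # 3. Flag RSA keys shorter than 2048 bits.
    size=$(openssl pkey -in "$dir/private.key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ "${size:-0}" -lt 2048 ]; then
        echo "WEAK: private.key is ${size:-unknown}-bit RSA, below 2048" >&2; rc=1
    fi
    # 4. -checkend N fails if the certificate expires within N seconds (30 days).
    if ! openssl x509 -in "$dir/x509.pem" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "EXPIRY: x509.pem is missing or expires within 30 days" >&2; rc=1
    fi
    return $rc
}
```

Run check_saml_keys against the WEB-INF/classes directory after generating the files and again before each certificate renewal; a mismatch between private.p8 and the x509.pem uploaded to Google makes every signed SAML response fail verification.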

Sunday, May 3, 2009

CAS Installation Documentation

Well, as promised here are the step by step instructions of setting up a CAS server. These instructions are on Linux, but for the most part, everything applies on any platform. The big configuration changes are done by modifying xml files in Apache Tomcat. Also, these instructions were written using a bit of an older version of CAS, but it shouldn't be any different at this time.

Note: Some of the XML changes that were made are not displaying correctly in the blog, so I had to place them in as images. If you have trouble with the images, click on them and you will be able to view them fully.

The CAS server is setup on top of a default Ubuntu Server 8.04 Server setup.

CAS requires that Tomcat be installed and running on the server before it can be installed, since it is not in the default install, we must do it separately.

Basic server login and setup tasks:
  1. Login to server with assigned credentials using ssh.
  2. All work on the server must be completed as root.
    1. user@cas:~$ sudo -i (password required is your user password)
  3. Need basic tools not installed in setup.
    1. root@cas:~# apt-get install locate (locate utility to find files)
    2. root@cas:~# apt-get install nano (nano text editor to easily edit files)
    3. root@cas:~# apt-get install nmap (nmap utility to detect network activity)
    4. root@cas:~# apt-get install wget (wget utility to download files over internet connections)
Tomcat installation:
  1. The default Tomcat that is in apt isn't the latest, and it doesn't work reliably with 8.04, so it needs to be installed manually.
    1. Start by installing sun-java6-jdk from apt (you will need to accept the license in the process)
      1. root@cas:~# apt-get install sun-java6-jdk
    2. Then Tomcat needs to be downloaded and extracted. We do this from the /tmp directory.
      1. root@cas:~# cd /tmp
      2. root@cas:/tmp# wget
      3. root@cas:/tmp# tar -zxf apache-tomcat-6.0.16.tar.gz
    3. We will then move the binary distribution of Tomcat into /usr/local/tomcat
      1. root@cas:/tmp# mv apache-tomcat-6.0.16 /usr/local/tomcat
    4. Next, the JAVA_HOME variable needs to be set. This is done by editing the ~/.bashrc file
      1. root@cas:/tmp# nano ~/.bashrc
      2. paste in the following at the end: export JAVA_HOME=/usr/lib/jvm/java-6-sun
    5. To create an automatic startup and shutdown script for Tomcat, we need to create an init file.
      1. root@cas:/tmp# nano /etc/init.d/tomcat
      2. paste in the following:

# Tomcat auto-start
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/

export JAVA_HOME=/usr/lib/jvm/java-6-sun

case $1 in
sh /usr/local/tomcat/bin/
sh /usr/local/tomcat/bin/
sh /usr/local/tomcat/bin/
sh /usr/local/tomcat/bin/
exit 0
    1. The script created needs to be executable and linked to the startup folders so that it runs on startup or shutdown of the system. (Step number is incorrect due to formatting)
      1. root@cas:/tmp# chmod 755 /etc/init.d/tomcat
      2. root@cas:/tmp# ln -s /etc/init.d/tomcat /etc/rc1.d/K99tomcat
      3. root@cas:/tmp# ln -s /etc/init.d/tomcat /etc/rc2.d/S99tomcat
CAS Server Installation:
  1. At the time of this documentation, the latest stable release of CAS is 3.2.11, this needs to be downloaded from their servers.
    1. root@cas:/tmp# wget
  2. The download then needs to be extracted, copied into the tomcat webapps directory, and then tomcat restarted
    1. root@cas:/tmp# tar -zxf cas-server-
    2. root@cas:/tmp# cp cas-server- /usr/local/tomcat/webapps/cas.war
    3. root@cas:/tmp# /etc/init.d/tomcat restart
  3. You can test a fully working installation by going to: http://servername:8080/cas-server-webapp-
Customization & Configuration:
  • Active Directory Integration (Pulls Usernames and Passwords from AD for Authentication)
    • Following directions gained from:
    • And also directions from:
      1. Stop the Tomcat services:
        • root@cas:tmp# /etc/init.d/tomcat stop
      2. Copy the necessary jar file from the extracted download in /tmp in the deployed application's necessary directory
        • root@cas:/tmp# cp /tmp/cas-server- /usr/local/tomcat/webapps/cas/WEB-INF/lib/
      3. Edit the pom.xml file in the deployed application to insert support for ldap lookups in cas.
        • root@cas:tmp# nano /usr/local/tomcat/webapps/cas/META-INF/maven/org.jasig.cas/cas-server-webapp/pom.xml

      4. Edit the deployerConfigContext.xml file in the deployed application to remove the bean for the standard simple authentication and add in ldap information and server configuration (server IP and domain)
        • root@cas:~# nano /usr/local/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml

      5. Restart the tomcat services
        • root@cas:~# /etc/init.d/tomcat start
      6. Verify that authentication works by entering an AD username and password and trying to login at the web interface.

  • Tomcat Configuration (Setting Tomcat to use ports 80 and 443: redirecting initial requests from port 80 and sending them to 443, also setting up an SSL certificate and making cas the default application on Tomcat)
    • Changing default port to port 80 instead of 8080 (the standard)
      1. Edit server.xml file in the config directory
        1. root@cas:tmp# nano /usr/local/tomcat/conf/server.xml
        2. On line 67, change port 8080 to port 80.
        3. Restart the Tomcat services
          • root@cas:tmp# /etc/init.d/tomcat restart
    • Setting CAS to be the default app, and get rid of all the others
      1. Edit server.xml file in the config directory
        1. root@cas:tmp# nano /usr/local/tomcat/conf/server.xml
        2. On line 126 change appBase to be: appBase="webapps/cas"
        3. On line 129 paste in the following:
        4. Move all existing directories into a temporary archive in case they are needed later:
          • root@cas:tmp# mkdir /tmp/archivedTomcatApps
          • root@cas:tmp# mv /usr/local/tomcat/webapps/docs /tmp/archivedTomcatApps/
          • root@cas:tmp# mv /usr/local/tomcat/webapps/examples /tmp/archivedTomcatApps/
          • root@cas:tmp# mv /usr/local/tomcat/webapps/host-manager /tmp/archivedTomcatApps/
          • root@cas:tmp# mv /usr/local/tomcat/webapps/manager /tmp/archivedTomcatApps/
          • root@cas:tmp# mv /usr/local/tomcat/webapps/ROOT /tmp/archivedTomcatApps/
        5. Restart the Tomcat services
          • root@cas:tmp# /etc/init.d/tomcat restart
    • Creating an SSL certificate and setting that up in Tomcat so that it will use SSL.
      • Must first create a CSR (certificate signing request) from Article on InstantSSL Site:,33
        • From the tomcat root directory: /usr/local/tomcat you need to create a key file and then the csr file (replace domain with server domain name)
          1. root@cas:/usr/local/tomcat# keytool -genkey -keyalg RSA -keystore domain.key -validity 360
            • It will ask multiple questions, but the important one is the password; make sure to write down what you choose
          2. root@cas:/usr/local/tomcat# keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key
            • You will be prompted for the same above password
      • You will need to cut and paste the contents of the domain.csr file into the website that is granting the certificate and walk through the steps necessary there.
      • Once they have sent back your file, you will have three different certificates that they send back, and all must be imported into the key file in the correct order. Make sure you use the correct password, which is defined above. This information was gained from:,1,88
        1. root@cas:/usr/local/tomcat# keytool -import -trustcacerts -alias root -file EssentialSSLCA_2.crt -keystore domain.key
        2. root@cas:/usr/local/tomcat# keytool -import -trustcacerts -alias INTER -file ComodoUTNSGCCA.crt -keystore domain.key
        3. root@cas:/usr/local/tomcat# keytool -import -trustcacerts -file domain.crt -keystore domain.key
      • Once all certificates have been loaded into the keyfile, edit the /usr/local/tomcat/conf/server.xml file and paste in the following on line 82 (notice the password matches the password used above). This will allow the server to respond to port 443 requests and tells it where to find the keyfile and the associated password.

      • Restart the Tomcat services
        • root@cas:tmp# /etc/init.d/tomcat restart
      • Check to make sure everything is functioning correctly by going to https:// version of the server through your browser.
  • CAS Configuration
    • Setting properties file to have correct CAS URL's
      • In the file: /usr/local/tomcat/webapps/cas/WEB-INF/ change the top three lines to have the appropriate beginnings of the URL's: https://yourServerAddress/
    • Allowing user access to the services management application:
      • Edit the file: /usr/local/tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml and insert the following at line 134 (replace username with an actual username in AD that will be administering the CAS services):
        • username=notused,ROLE_ADMIN

CAS: Central Authentication Service

Last school year my boss came back from the COSN conference and was quite excited about the single sign-on systems he had seen demonstrated there, specifically, CAS (Central Authentication Service) and Shibboleth. After spending quite a bit of time researching these two technologies which were completely new to me, I determined that in our infrastructure currently we didn't have the need for Shibboleth, which is more of a federated authentication architecture between organizations. Shibboleth seems to me to be a lot like what OpenID is trying to accomplish throughout the open source community, and at the time, it just didn't seem like something we needed.

CAS on the other hand was something that was going to be needed badly throughout our organization in the very near future. What CAS does is split apart the authentication layer from the actual data source and provide a web-based single sign-on architecture throughout your organization. CAS allows you to use any LDAP or even database backend as the authentication authority. For us, we needed to use Active Directory, as that is where all of our usernames and passwords currently reside; luckily, this works just fine with CAS as well.

As part of everything that I am doing in my current position, I have fully documented the steps necessary to get this setup from the ground up. I need to double check the document a little bit better to make sure it is fit for public consumption, but when I do, I will post it here as a step by step document for people looking to set this up in their organization.

Just as a further side note on what can be setup to authenticate with CAS, we are currently authenticating our Google Apps setup (more on this in another post), Moodle, Wordpress, and an application custom built for us by contractors. There are also instructions on their website for authenticating many other systems such as Outlook Web Access, Joomla, PeopleSoft, and many others.

MobilAP: The Mobile Academic Platform

Over the last month I have been working to customize a web application that will be used in an upcoming conference that I am a part of. There is an expectation by the board of this conference that there will be a fairly high number of attendees that will have either iPod Touches or iPhones. Because of this, they found a web application originally developed by the University of Cincinnati College of Design, Architecture, Art & Planning called MobilAP. I started looking into this application a couple of months ago and had hoped at the time that the customization of the application would be assisted by vendors. It turned out that the vendor we had hoped for assistance from had no resources that could be put into this task at this time, so that left all updating and customization on me.

A few weeks ago, I spent a few hours customizing the look and feel of the application. This was setup pretty easily as the download for the package included the project files from Dashcode. This allowed for simple look and feel changes to be done easily. It also allowed for easy creation of new screens that were going to need to be added to the application for it to fit into what this conference had envisioned.

This weekend arrived and since the conference starts next week, there was no time left to put this off, so I had to dig in and get to work customizing it. The standard application has no portions built to provide a way to display promotional information from the vendors, so that had to be built in.

After nearly 30 hours of work this weekend, I am proud to say that the application is complete and ready to go for the conference. Some examples of the look and feel can be seen below:

If there is anyone out there who needs to do something like this, please let me know, and I would be happy to share with you the changes I made. They aren't pretty, I haven't really done much coding for the last couple years, but they do function. You can also get the original source code at the link for MobilAP above.

Friday, April 24, 2009

Microsoft IT Academy - Very Good Deal for Training Your Staff & Students

This year I decided to go a different route than our previous online training opportunity for our department staff. We had previously used the service offered by The Training Consortium, but this year, that was a little bit more expensive than we could afford, and we needed something that could be used by more of the technical staff throughout the department. We luckily stumbled upon Microsoft's Training opportunities through a contact at our local ESD, and so far have been happy we did.

The Microsoft IT Academy is much more than just training, although there is a lot of that, and in our experience so far it has been of pretty high quality. When you purchase a subscription (which provides access to all staff in your entire district), you also get access to MSDN, Microsoft Press, and TechNet Plus. For the fairly small cost with the educational discounts, this is well worth the money spent. They do also align the courses up with their certifications such as MCSE, MCSA, and others, so if you have staff that are interested in these certifications, this is a great way to provide that opportunity to them.

They also do offer this for use with students, but the way they license it is you must license each of your schools separately, and for this year our schools already have a solution in place.

I would fully recommend that you take a look at this if you are in the market for online training for your IT staff. Of course it is Microsoft only technologies, but if you are like us and are supporting a primarily Windows infrastructure, it is well worth it.

iPhone Application Development - Thanks Apple & Stanford

In case you haven't already seen this in multiple places and you are interested in getting started in writing applications for the iPhone, take a look at the course that is being offered right now at Stanford and also offered to the world for no credit through iTunes U.

I have watched a couple of the lectures so far, and am trying to keep up, but it just takes a bit more time than I currently have with everything else on my plate. I have quite a few good ideas that I hope I can one day produce, but it all comes down to whether or not I will ever have time. This is an actual college course though, so it does take you from the basics of learning Objective-C all the way to creating much more advanced applications.

If you would like more information, search for Stanford within iTunes, or you can find the actual class website with all lecture slides, assignments, a direct iTunes link, and other information at the following link:

Really back this time...

Ok, so I know I said I was back and going to start blogging again back in December, but I guess that kind of fell apart. This time I have actually made a list of things I want to write about, and it is currently at about 14, so I will try and write a couple of things up tonight, and over the next week or two, I will try to get to all of them. The topics are a real mix 'n match of different topics that touch on what it is like to manage an IT department in a K-12 setting where you never will have the resources that a private enterprise will.