Since the mid 1980s, the Florida Department of Education (DOE) has collected student, staff, and workforce data and used it to guide program development and funding. As data volumes grew, so did demand for the data—from teachers, administrators, legislators, and parents. To provide constituents with secure access to confidential student data, the DOE created a Web portal called Sunshine Connections using Microsoft® Office SharePoint® Server 2007. It then worked with Microsoft Services to create a robust identity infrastructure using Active Directory® Federation Services and Microsoft software for security and identity management. Easy, secure access to student data helps teachers improve their teaching and leads to improved administrative decisions. The simple logon process encourages teachers to explore the data, and the familiarity of the infrastructure makes the site easy to maintain.
The Florida Department of Education (DOE) administers prekindergarten through twelfth grade and state college (PK-20) public education in the state of Florida and supports more than 2.6 million students, more than 180,000 teachers, 318,000 full-time staff, and 3,800 schools. The DOE is based in Tallahassee, Florida, and has 1,255 full-time employees.
Since the mid 1980s, the Florida DOE has been collecting staff and student-level data from the state’s 67 school districts, including student demographics, courses taken and completed, attendance, transcripts, and more. The state maintains a similar database for its state college system. The intent was to use this data as a basis for making better decisions about administering and funding education programs in the state, to track progress as students move through the system, and to comply with state and federal reporting requirements.
The data has been stored in IBM DB2 databases on a mainframe computer since inception, and a programming staff uses COBOL and other mainframe programming languages to manually write reports from the data. This report-writing process is laborious and limits the constituents that the DOE can serve to a select few state administrators.
As the data volumes grew, so did the number of people who wanted access to this data. Educators, legislators, teachers, researchers, and even parents wanted access to the student data that Florida had accumulated—more data than any other state in the country; many states are just beginning to capture this kind of educational data. By 2000, Florida had collected terabytes of education data and was adding 100 gigabytes a year. To broaden access to its educational data, the DOE contracted with a vendor in 2000 to create a data warehouse from the K-12, state college, and university databases using Oracle database software and reporting tools. The idea was to use these tools to enable many more people beyond the DOE IT staff to securely analyze this wealth of data.
However, the DOE had limited success with Oracle. “It was our understanding that Oracle was one of the better enterprise databases, but the Oracle reporting tools were not able to handle that much data,” says Jeff Sellers, Acting Deputy Commissioner of the Division of Accountability, Research, and Measurement for the Florida Department of Education. “The Oracle software was also difficult to use.”
The DOE envisioned opening up its data warehouse to constituents over a Web-based portal. Sellers anticipated that the Oracle reporting foundation would not be suitable for such a move because of the challenges related to performance, complexity, and security that he had encountered.
Even though the DOE development team had not identified replacement reporting technologies for the site, it began building the public portal in 2004. Working with Microsoft® Services and the Microsoft Learning Group, the DOE used Microsoft Office SharePoint® Portal Server 2003 to create a statewide teacher resource portal that it called Sunshine Connections (www.sunshineconnections.org). Sunshine Connections provided Florida educators with classroom management tools, instructional strategies, curricular materials, and even professional development opportunities.
Sunshine Connections still needed a reporting foundation that was easier to use, and a highly secure identity management infrastructure before DOE could use it to share its confidential student performance data. “Federal regulations such as the U.S. Family Educational Rights and Privacy Act [FERPA] place tight strictures on how student data is handled, accessed, and shared,” Sellers says. “We had to ensure that teachers could only see education data for students in their class and that only authorized users could view relevant data.” Solution
In 2007, after a lengthy pilot, the DOE turned to Microsoft Services for help in building the reporting, identity, and security infrastructure for Sunshine Connections. The DOE decided to upgrade Sunshine Connections to Microsoft Office SharePoint Server 2007 and use that software’s business intelligence (BI) capabilities as the site’s reporting foundation. It augmented those capabilities with the rich reporting capabilities in the Microsoft SQL Server® 2005 data management software, which stores the data after it’s transferred from the Oracle data warehouse. The DOE used SQL Server 2005 Reporting Services to create interactive Web-based and printed reports; SQL Server Analysis Services to perform data mining on the warehouse; and will soon use Microsoft Office PerformancePoint® Server 2007 business intelligence software to glean insights from its data warehouse.
||A solid security infrastructure is a critical prerequisite to making this valuable data available online to teachers … who can use it to improve teaching and make better decisions.
||Jeff Sellers Acting Deputy Commissioner, Division of Accountability, Research, and Measurement, Florida Department of Education
As for identity infrastructure, the DOE had deployed the Active Directory® service as its directory structure, and many larger school districts, such as Miami-Dade, also had Active Directory–based account structures. To take advantage of this investment, Sellers decided to use the latest Microsoft identity and security solutions to secure Sunshine Connections.
Microsoft Services used Active Directory Federation Services in the Windows Server® 2008 operating system to give all users access to data on Sunshine Connections. Active Directory Federation Services enables organizations to extend their Active Directory accounts outside their boundaries, to authorized partners. Using Active Directory Federation Services, the DOE was able to very securely and broadly grant access to Sunshine Connections data.
“Active Directory Federation Services gave districts with existing Active Directory setups access to Sunshine Connections using their existing logons,” Sellers says. “They can also manage their Sunshine Connections access locally using existing Group Policy settings.” For school districts that do not have an Active Directory service, the DOE generates Active Directory accounts for them.
Microsoft Services used Microsoft Identity Lifecycle Manager 2007 to manage user accounts by providing identity synchronization, certificate management, and user provisioning from a single console. It also used Microsoft Internet Security & Acceleration Server 2006 as an edge security gateway. This software serves as the main firewall for Sunshine Connections and also helps secure all content and applications for remote access. The DOE also used Microsoft Forefront™ Security for SharePoint to scan portal documents for viruses and unwanted (nonbusiness-related) content.
The state’s 67 school districts can upload data to Sunshine Connections nightly. Active Directory Federation Services helps secure this process and simplifies access to the state database.
With a more secure identity infrastructure in place, Sunshine Connections is now organized into two sections: a public area that provides free teacher tools and nonconfidential aggregated data to anyone who wants it, and a restricted area that provides teachers and administrators with confidential tools and information specific to their school and students. The DOE has designed the identity infrastructure to authenticate users based on their Active Directory role and to authorize them based on the relevance of data to their role.
For example, the security system ascertains that an individual is teaching a particular child before granting access to data about that child. “Data access is all role-based,” Sellers says. “A teacher can only see information about the students in their class, or current students’ previous performance. Administrators can only see information on students in their schools.”
The DOE runs Sunshine Connections on 40 Dell PowerEdge servers, and is evaluating the use of Microsoft System Center Operations Manager 2007 to help monitor those servers. Benefits
With the secure, easy-to-use identity and security infrastructure for Sunshine Connections, the Florida Department of Education is able to offer thousands of users secure online access to terabytes of student-level data. Rapid access to years of performance data helps teachers improve instruction and gives administrators and legislators the data they need to make informed policy decisions about educational resources. Easy logon encourages more frequent data sharing, and the flexible infrastructure makes it easier to accommodate changes. Finally, the cost effectiveness of Microsoft software saved Florida money in implementing the solution.
Secure Online Access to Confidential Student Data
||Using data on Sunshine Connections, legislators and school administrators can better determine where to make [budget] cuts and how to most effectively use the remaining funds.
||Jeff Sellers Acting Deputy Commissioner, Division of Accountability, Research, and Measurement, Florida Department of Education
By outfitting Sunshine Connections with a robust and more secure identity and security infrastructure, the DOE can open its confidential data stores to potentially millions of users over the Web. “With this security infrastructure in place, we can safely meet the requirements of FERPA and other federal and state laws that mandate complete confidentiality of student data,” Sellers says. “A solid security infrastructure is a critical prerequisite to making this valuable data available online to teachers, administrators, and other stakeholders who can use it to improve teaching and make better decisions about education in Florida.”
Using the BI tools that the DOE has made available on the site, teachers can compare students’ performance in a single class or one student’s performance over time. Schools can compare and review subjects across grade levels, reading scores from 2002 to the present, and many other metrics. Administrators and legislators can run all sorts of reports to determine which programs work and where additional funding is required. “With the current state of the national economy, Florida had to slash more than $1 billion from its education budget,” Sellers says. “Using data on Sunshine Connections, legislators and school administrators can better determine where to make those cuts and how to most effectively use the remaining funds.”
By democratizing performance data, the DOE also gives teachers and districts the ability to analyze and act on their own data, before someone else does it for them. “In education as in business, the more information you have, the better the decisions you can make,” Sellers says. “Our schools want the opportunity to evaluate and improve their performance before critics take them to task for nonperformance.”Easy Logon that Encourages Data Sharing
The DOE does not mandate the frequency with which school districts upload data to Sunshine Connections, nor can it mandate that teachers use the site. It can only make it easy to upload the data and use the site, and it can provide the assurance that the data is extremely safe, to encourage use.
“Simplifying the logon procedure is one way to encourage more frequent data uploads,” Sellers says. “And providing users with the assurance that only authorized persons will view the data helps us get participation from additional districts,” Sellers says. “There are serious repercussions for violating FERPA, so school districts need the assurance that Sunshine Connection is highly secure.”
By extending its identity and security infrastructure to the 67 districts, the DOE gives them a flexible way to log on to Sunshine Connection without any work on their part. “We provide and maintain Active Directory accounts if they don’t already have them,” Sellers says. “We also provide administrative tools that they can use to change, add, and delete accounts. By making it so easy for districts to log on and share data using tools they already know, we’ve made it workable.” Adaptable to Changing Needs
The DOE still receives data requests all the time, from all manner of constituents. The IT staff is working on mechanisms by which any authorized user can request data through Office SharePoint Server 2007 workflows and get what they need on the portal, without manual intervention from DOE staff.
The flexibility of the underlying Office SharePoint Server 2007 and Active Directory architecture enables the DOE to respond to changing needs. “The Florida legislature, the governor, and others throughout the government have changing needs, and often funds aren’t available to respond to these changing requirements,” Sellers says. “That’s why it helps to have an infrastructure based on Microsoft software that is cost effective to modify.”Lower Operational Costs
By giving its many constituents a way to self-service their own information needs, the Florida Department of Education will reduce reporting labor. “We will be able to redeploy our staff from writing SQL Server queries to designing and building data marts and creating BI tools for use on Sunshine Connections,” Sellers says.
Microsoft Infrastructure Optimization
With infrastructure optimization, you can build a secure, well-managed, and dynamic core IT infrastructure that can reduce overall IT costs, make better use of resources, and become a strategic asset for the business. The Infrastructure Optimization model—with basic, standardized, rationalized, and dynamic levels—was developed by Microsoft using industry best practices and Microsoft’s own experiences with enterprise customers. The Infrastructure Optimization model provides a maturity framework that is flexible and easily used as a benchmark for technical capability and business value.
For more information about Microsoft infrastructure optimization, go to:
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Florida Department of Education services, call (850) 245-0505 or visit the Web site at: