Nebraska Connect Design Layout

The NNNC has developed Nebraska Connect, a system that connects to the NebraskaCloud. It utilizes a wide-scale deployment of Microsoft Active Directory Federation Services (ADFS) servers connected in a hierarchical design. Each participating school will have a dedicated ADFS server that is linked to its local directory. Those servers will be linked to their respective ESU’s ADFS server. The ESU servers are then linked to the main NNNC ADFS server. The NNNC ADFS server is connected to the NebraskaCloud system. This design allows the NNNC to add participating schools in a controlled and uniform manner without the need to schedule time with the Educational Service Unit Coordinating Council (ESUCC) and take time away from their projects. This design also gives each school, each ESU and the NNNC the ability to offer single sign-on capabilities for their users at any level, above and beyond those provided by the NebraskaCloud.

The process flow is as follows. The user will:
1. Visit the NebraskaCloud site
2. Click Sign In in the upper right-hand corner
3. Select (or search for) NNNC in the list of configured identity providers
4. Upon redirection to the NNNC login page, select to log into the NebraskaCloud
5. Select the ESU of which they are a member
6. Be redirected to the ESU login page
7. If an ESU employee, select the ESU to log in
8. If a school user, select their school
9. Be redirected to their school/ESU’s login page
10. Enter their local credentials
11. Upon successful authentication, be automatically redirected back to the state’s portal page

This setup will require an ADFS server to exist for each ESU and school. There will also need to be a publicly accessible login page for each ESU and school. These publicly accessible login pages will most likely need to be served from a separate server instance that resides outside of the school or ESU’s internal network. This means that the server could be hosted off-site at an ESU or other regional data center, but it could also reside at the local building with the proper configuration.

This design is non-intrusive for the schools and provides great functionality for feature additions in the future and proper security at all levels. This layout utilizes the latest Microsoft technologies designed for federated services and secured logon. At no time will students’ individual passwords be passed outside of the local school’s directory. The user will be required to enter an e-mail address and password as configured at their school. Once the user is authenticated, they can access each configured resource without the need to log in again for that session. The session duration may differ depending on the setup of each school or ESU. For example, if the school is one-to-one, those users may only need to log in once daily. However, if students share computers, then they may need to log on each time they access a new computer (potentially multiple times daily).
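The hierarchy and sign-in flow described above can be modelled to show what each tier should check on the return trip. This is an added example, not code from the Nebraska Connect project; the ESU and school names, the e-mail domains, and the rule that a server may only vouch for its own domain are assumptions made for illustration.

```python
# Constructed sample hierarchy; ESU, school and domain names are placeholders.
PARENT = {                      # each ADFS server -> the server that trusts it
    "NNNC": "NebraskaCloud",
    "ESU-A": "NNNC",
    "ESU-B": "NNNC",
    "School-1": "ESU-A",
    "School-2": "ESU-B",
}
# Assumption: each authenticating server is scoped to its own e-mail domain.
DOMAIN = {"School-1": "school1.example", "School-2": "school2.example",
          "ESU-A": "esua.example"}


def redirect_path(home):
    """Servers the browser visits on the way down to the user's home login page."""
    chain = [home]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    if chain[-1] != "NebraskaCloud":
        raise ValueError(f"{home} is not federated under NebraskaCloud")
    return chain[::-1]


def accept_assertion(issuer_chain, email):
    """Validate the return trip. issuer_chain lists who issued or re-issued the
    token, from the home server up to the server NebraskaCloud trusts directly."""
    if not issuer_chain or issuer_chain[0] not in DOMAIN:
        return False, "unknown home issuer"
    # Every hop must be a direct child/parent trust; no skipping or crossing tiers.
    for child, parent in zip(issuer_chain, issuer_chain[1:] + ["NebraskaCloud"]):
        if PARENT.get(child) != parent:
            return False, f"{parent} has no trust with {child}"
    # The home server may only vouch for addresses in its own domain.
    if email.rsplit("@", 1)[-1].lower() != DOMAIN[issuer_chain[0]]:
        return False, "e-mail domain outside issuer scope"
    return True, "accepted"
```

A token that arrives through an ESU other than the school's own, or that carries another school's e-mail domain, is rejected before it reaches the NebraskaCloud.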

Following is how it will look for schools once everything is properly configured. The images below show what a user at Ainsworth Community Schools will see when they go to log in using this system.
[Images: Step 1, Step 2, Step 3, Step 4]