
The openDesk Edu Platform: Comprehensive Open-Source Learning Management
What is openDesk Edu?
Imagine a university where students, researchers, and faculty access a unified ecosystem of 25 integrated services β from learning management systems and collaborative document editing to task management and video conferencing β all with seamless single sign-on, German data protection compliance, and open-source transparency.
This is openDesk Edu: a cutting-edge learning management platform designed specifically for European educational institutions.
Core Value Proposition
- Unified Experience: Single sign-on (SSO) across 25 integrated services via Keycloak
- Sovereign compliance: Fully GDPR-conformant, data resides on German university servers (HRZ Marburg)
- Cost Efficiency: Open-source eliminates expensive licensing fees and vendor lock-in
- Integration Seamlessly Pre-Wired: 80+ documented service relationships and cross-service workflows
- Production-Ready: Comprehensive operational documentation, runbooks, and monitoring
- Ecosystem Approach: Builds upon existing open-source projects rather than creating a proprietary platform β you're joining the global community, not locked into another vendor
The 25 Integrated Services
openDesk Edu combines the best open-source applications into four functional categories:
π Learning Management Systems
- ILIAS (Moodle alternative): Comprehensive LMS with Shibboleth SSO and advanced course management
- Moodle: Most widely used LMS globally, fully integrated with Keycloak authentication
- BigBlueButton: Web conferencing for virtual classrooms with recording and interactive features
- XWiki: Enterprise wiki for collaborative knowledge base and documentation
π Project & Task Management
- OpenProject: Agile project boards, work packages, timeline planning integrated with Nextcloud file storage
- Planka: Kanban boards and project management with real-time collaboration
- BookStack: Documentation and knowledge management platform
π Content & Collaboration
- Nextcloud: File storage, sharing, and collaboration (5 TB quota, integrated with Office apps)
- Collabora Online: Real-time document editing integrated with Nextcloud (replacing Microsoft Office)
- Etherpad: Real-time collaborative text editing and meeting notes
- CryptPad: End-to-end encrypted diagram editing integrated with Nextcloud
- Notes (im.press): Collaborative note-taking with AI integration
- Draw.io: Diagram creation and editing within Nextcloud interface
- Excalidraw: Hand-drawn style diagram editor for technical documentation
- TYPO3: Content management system for institutional websites
π§ Communication & Support
- OX App Suite: Enterprise email, calendar, and groupware
- SOGo: Alternative groupware providing email with IMAP and calendar functions
- Dovecot-Postfix: Robust email delivery and IMAP backend
- Element: Matrix-based secure chat and messaging platform
- Zammad: Helpdesk and ticketing system with email integration and knowledge base
- LimeSurvey: Survey and polling creation tool integrated with SSO
How It All Connects: The Interconnection Matrix
These 25 services don't operate in isolation β they form a tightly integrated ecosystem with 80+ documented relationships:
- Authentication Hub: All 25 services authenticate via Keycloak (SAML 2.0 / OIDC)
- File Storage API: Nextcloud provides central file storage accessed by OpenProject, Collabora, CryptPad, Etherpad
- Cross-SSO Workflows: Intercom service enables silent login between services (Nextcloud β OX, Nextcloud β Element)
- LDAP Integration: SOGo, XWiki, Zammad, Self-Service Password sync with Nubus LDAP directory
- Email Infrastructure: OX, SOGo, Zammad share Dovecot-Postfix IMAP backend and SMTP relay
This pre-wired integration means institutions don't spend months configuring individual applications β it just works out of the box.
German Data Protection & Compliance (SOVEREIGN)
openDesk Edu is designed expressly for German and European educational institutions:
GDPR Compliance π
- Data sovereignty: All student and faculty data resides on German university servers (HRZ Marburg cluster)
- No Cloud Lock-in: Self-hosted deployment eliminates third-party data residency concerns
- Transparent Code: Open-source licensing (Apache-2.0, AGPL-3.0) enables full code review and security auditing
- Compliance Documentation: Comprehensive security specifications, threat models, and compliance checklists
DFN-AAI Integration π
- Seamless integration with German Shibboleth federation (DFN-AAI)
- Accept institutional credentials from any participating German university
- Single sign-on across all services with federated identity
HRZ Brandenburg Production Cluster π’
- 9-node K3s cluster at University of Marburg (HRZ)
- Ceph-backed RBD/CEPHFS storage for high availability
- ArgoCD GitOps for reliable deployments
- Prometheus + Grafana monitoring and alerting
Technical Architecture
Kubernetes-Native Deployment
- All services deployed via Helm charts with Helmfile orchestration
- Multi-environment support (dev/staging/production)
- GitOps pipeline with ArgoCD for controlled deployments
- Comprehensive backup strategy using k8up (restic-based)
Security Hardening
- Otterize network policy enforcement
- Seccomp and capability profiles for pod hardening
- Brute-force protection enforcement across authentication endpoints
- Regular security updates threat-model analysis
Operational Excellence
- Detailed runbooks for common incidents (60+ documented scenarios)
- 12+ platform-level service specifications (backup, security, monitoring, DR)
- Health check catalog and probe timing documentation
- SLO definitions and capacity planning guidelines
Who Is openDesk Edu For?
Educational Institutions ποΈ
- Universities: Replace 10+ fragmented SaaS subscriptions with one integrated ecosystem
- Colleges: Scale from hundreds to tens of thousands of users seamlessly
- Research Institutions: Comprehensive project management with secure document collaboration
IT Administrators π§
- Reduce Complexity: Single ecosystem eliminates multi-vendor integration nightmares
- Save Costs: Open-source licensing replaces expensive enterprise subscriptions
- Production-Ready: Comprehensive documentation, runbooks, and monitoring reduce operational burden
- Future-Proof: Open-source ecosystem means no vendor sunsetting features you depend on
- Full Control: Fork code, add features, or replace components β IT departments are partners, not dependent customers
Students & Faculty π¨βπ
- Seamless Experience: No password fatigue β one Keycloak login for all services
- Full-Featured: Real-time collaboration, video conferencing, document editing, and project management
- Privacy-First: German data protection compliance ensures personal data never leaves institutional servers
Researchers π¬
- Secure Collaboration: Share data and documents with international partners via federated identity
- Version Control: Built-in support for research workflows
- Long-term Preservation: 10+ year retention with full data control
Getting Started: From Evaluation to Production
openDesk Edu provides a complete path from evaluation to production deployment:
1. Exploration Phase
- Review comprehensive OpenSpec documentation (58 spec files)
- Understand service interconnection matrix (25 services, 80+ relationships)
- Read operational runbooks and security specifications
2. Proof of Concept
- Docker Compose deployment for local testing
- Playground environment with sample users and courses
- Cross-service workflow validation (SSO, file sharing, collaboration)
3. Production Deployment
- K3s/helmfile production deployment guides
- Resource sizing and capacity planning
- Backup and disaster recovery procedures
4. Ongoing Operations
- Monitoring dashboards and alerting (Prometheus + Grafana)
- Incident response runbooks (60+ scenarios)
- Upgrade and migration strategies documented
The Comprehensive OpenSpec: Your Complete Technical Guide
Behind openDesk Edu's simplicity lies meticulous documentation. Our OpenSpec comprises 58 specification files across three categories:
Platform Specifications (18 specs)
- Security: Network policies, Otterize integration, threat models, compliance checklists
- Operations: Runbooks, incidents, troubleshooting procedures
- Performance: SLO definitions, capacity planning, resource sizing
- Infrastructure: Backup strategies, storage architecture, networking, deployment
- Automation: Secret derivation, provisioning workflows, upgrade migration
Service Specifications (25 specs)
- Each of the 25 services has a dedicated specification covering:
- Purpose and non-goals
- Functional requirements with user scenarios
- Dependencies and integration points
- Component reference and configuration
- Security context and compliance
Integration Specifications (6 specs)
- API contracts between services
- Cross-service workflows (Intercom silent login, file sharing)
- File store abstraction and backup procedures
- LTI integration for learning management
- Provisioning automation (UCS/LDAP import)
Why OpenSpec Matters
This comprehensive specification is not just documentation β it's the blueprint that makes openDesk Edu truly production-ready:
- Architectural Clarity: Every service explicitly declares dependencies and integration points
- Operational Readiness: Detailed runbooks enable 24/7 operations confidence
- Security Assurance: Threat models and compliance checklists reduce security risks
- Community Contribution: Clear specs enable external contributors to understand and improve the platform
Real-World Impact: The openDesk Edu Difference
Before: Fragmented & Expensive
- 10+ different SaaS subscriptions costing β¬100,000+ annually
- 5+ different authentication systems causing password fatigue
- Data scattered across US cloud providers (GDPR risk)
- Custom integration efforts costing development time and expertise
- Vendor lock-in preventing institutional data sovereignty
After: Integrated Ecosystem
- 1 integrated open-source platform replacing fragmented subscriptions
- 1 Keycloak SSO across all 25 services
- German data sovereignty with on-premise deployment
- Pre-wired integrations reduce IT burden by 80%
- Open-source eliminates vendor lock-in
The Critical Difference: Ecosystem vs Vendor Lock-in
| Aspect | Traditional Vendor Approach | openDesk Edu Ecosystem |
|---|---|---|
| Core Applications | Proprietary, vendor-controlled | Best-in-class open-source projects (Nextcloud, Moodle, ILIAS, etc.) |
| Exit Strategy | Difficult migration, data hostage | Export formats, open standards, you control your data |
| Customization | Limited, requires vendor approval | Open codebase β modify and fork as needed |
| Community Support | Vendor support only | Global open-source community + institutional expertise |
| Roadmap | Vendor decides priorities | Community-driven, institutional needs influence direction |
| Data Portability | Proprietary formats, export fees | Open standards, self-hosted, full data control |
| Cost Structure | Per-seat licensing, usage tiers | Open-source licensing β infrastructure costs only |
| Future-Proofing | Dependent on vendor survival | Independent of any single company β ecosystem persists |
Join the Open-Source Educational Revolution
openDesk Edu represents the future of educational technology: unified, sovereign, and open.
Whether you're an IT director evaluating alternatives, an administrator seeking operational excellence, or an educator looking for integrated learning tools β openDesk Edu delivers.
Next Steps
- Explore the OpenSpec: Complete technical documentation
- Review Service Matrix: 25 services with 80+ relationships
- Try Docker Compose: Local playground deployment
- Join the Community: GitHub repository
openDesk Edu: Transforming educational institutions through integrated, sovereign, open-source technology.
Data sovereignty meets educational excellence. Experience the future of learning management today.

