Stephen GilfusExecutive Overview

    Field Notes · By Stephen Gilfus · April 4, 2026

    Blackboard architecture: the first whitepaper’s grid

    How early platform choices fixed the LMS street grid and shaped two decades

    An inside account of the first Blackboard whitepaper, the 1997–2001 choices it set in motion, and how those architecture seams defined the LMS market’s pace.

    Early Blackboard architecture diagram on a desk beside a Sun server photo and a campus network map

    Introduction

    A Sun Ultra Enterprise gets wheeled into a campus data center. It is late 1998, fluorescent light, raised floor, the kind of room where tape libraries hum and a whiteboard lists weekend maintenance windows. Two binders sit on a nearby metal cart: one with Oracle license paperwork, another with our first Blackboard architecture whitepaper printed out, highlighted, and dog‑eared. The dean of IT wants to know which ports to open. The registrar’s office wants grade import explained. Procurement wants the maintenance cost spelled out. That was the environment in which decisions got made.

    The whitepaper answered basic, operational questions: what lives in the database, what lives on disk, how sessions are maintained, how a campus directory authenticates people, how courses are created, who owns which permissions, and where to add new capabilities without breaking the core. We drew a three‑tier web application that an existing university operations team could stand up: web server (IIS or Apache), application logic, and a relational database (SQL Server or Oracle). We put the course at the center of the data model. We assumed an institution would run its own instance — single tenant — because FERPA risk and administrative culture made it non‑negotiable.

    Those early calls were not theory. They met the world as it was: dial‑up and early broadband, campus authentication based on LDAP or Kerberos, departmental sysadmins with weekend access windows, and budgets that favored one‑time capital outlays over ongoing service fees. The choices fit the wiring, calendars, and people available to operate the system. And like a new street grid imposed on a growing town — block lengths, right‑of‑way, the angle of the avenues — the pattern endured long after the bulldozers left.

    This post records what the first whitepaper actually said in operational terms, how those lines hardened into a category template for two decades, why the market organized around them, and what I would do differently today knowing where the constraints came from. I do not offer mythology. I offer the map we drew and the consequences it set in motion.

    What the first paper set

    The first order of business was to define the objects in plain operational terms.

    • Core object: the course. A course owns rosters, roles, content areas, tools, gradebook columns, and calendars. An instructor is “inside” a course; a student is enrolled in it; a TA inherits instructor‑like rights.
    • Identity anchor: the campus directory. Authentication against LDAP/Kerberos; authorization inside the application. Provisioning reconciles course rosters against student information systems on a schedule — think nightly batch.
    • Storage split: files on disk; state in the relational database. Binary content (docs, images, ZIPs) sat in a file store under predictable paths; structured data (grades, attempts, settings) in tables with foreign keys.
    • Session and cookies: HTTP cookies maintained state; server‑side sessions cached current course, role, and locale. Single sign‑on meant mapping campus login to an application session, not a federated token across many services.

    We articulated the operational seams.

    • Administrative job control: scheduled tasks to import feeds from student information systems; a queue for message processing; logging to rotate with predictable retention for audits.
    • Access control: roles and permissions wired at the tool and content area level, enforced by server‑side checks and reflected in the UI navigation.
    • Extensibility line: an integration point for adding tools without patching core. In the early 2000s, this formalized as Blackboard Building Blocks — an API and packaging model to plug new functionality while preserving core upgradeability.

    We drew the non‑goals just as clearly: we would not be identity providers for the campus; we would not be the SIS; we would not own the network. And we documented the deployment posture: institutions could run Solaris or Windows, Oracle or SQL Server, with a topology that fit their change‑management process. The whitepaper described the act of standing up the system — the ports, the services, the backup jobs.

    From these specifics, downstream consequences followed.

    Course as the center of gravity

    Making “course” the primary container set the hierarchy for everything else. Content areas belonged to courses. Discussions belonged to courses. Assessments produced grades into a course gradebook. Cross‑course experiences existed, but they were exceptions stitched together by institution‑level tools or external systems.

    ### Lesson — Model people at the center and treat courses as a view on that core.

    This approach provides flexibility for lifelong learning paths and cross-organizational experiences without disrupting course-level governance. While the person-centric model is ideal, our choice to make the "course" the primary container set a hierarchy where content, discussions, and grades all belonged to individual courses. Cross-course experiences became exceptions stitched together later, not native capabilities of the system.

    > Making “course” the primary container set the hierarchy for everything else.

    Batch over events

    Data entered and left the system in scheduled runs. Nightly roster imports aligned enrollments with the SIS. Log rotation and exports ran on cron‑like schedules. Real‑time event streams were not on the table — the operational muscle on campuses and the standards environment simply did not support it.

    Single tenant by design

    Each institution’s instance became its own world. Backups, upgrades, and customizations occurred on local schedules. This matched governance realities — the registrar needed to control academic calendars; the CIO wanted independence; security teams needed walls. It also meant cross‑institution analytics or feature rollout cadence were not native concerns.

    These were good decisions for the time because they met a buyer’s operational reality. They also planted the stakes that defined the LMS field around them.

    How constraints became a category

    When you crystallize a data model and a deployment model, you don’t just ship software. You issue a template. Others will either copy it, compete by negation, or try to expand it.

    By 1998, Blackboard was translating the campus web from static pages and CGI scripts into an integrated course experience. WebCT was on a parallel track. By 2000, the outlines looked similar: course containers, role‑based access, a relational core, files on disk, and institution‑run deployments. Blackboard went public in 2004 (NASDAQ: BBBB). In 2006, Blackboard acquired WebCT. Desire2Learn (founded 1999), Sakai (launched as a consortium project in 2004), and Moodle (first released in 2002) offered alternatives — some more open, some with different extensibility assumptions — yet the operational spine was familiar.

    Standards matured around the spine. SCORM packaging made content portable enough for imports and exports across LMSs. IMS specifications advanced over the 2000s, with LTI gaining traction in the 2010s as a live service integration standard rather than file‑based exchange. But the shape held: a core LMS that was the system of record for course membership and grades, with tool providers plugging into pre‑defined seams.

    Lesson — Design for the operational reality of your buyer, from their budget cycles to their staffing.

    The initial architecture met the world as it was, with choices fitting the available hardware, network speeds, and personnel of universities. Procurement wrote RFPs assuming single‑tenant deployments and local change windows. Governance committees debated tool availability as a curricular decision. These are the living parts of an ecosystem aligning to an architecture.

    > When you crystallize a data model and a deployment model, you don’t just ship software. You issue a template.

    Procurement, governance, and labor arranged themselves to the template. Procurement wrote RFPs assuming single‑tenant deployments and local change windows. Governance committees debated course tool availability as a curricular decision, not a platform decision. Labor pools formed — campus LMS administrators, instructional designers, third‑party consultants — specialized to the cadence and constraints of the model. These are not afterthoughts; they are the living parts of an ecosystem aligning to an architecture.

    The consequence is not that “nothing changed.” The consequence is that change moved within the lanes defined by the early map. Features piled on; integrations improved; hosting shifted to managed services and then cloud hosting — but tenancy, the course‑first data model, and the preference for batch imports over real‑time events persisted at the category core well into the 2010s.

    The operational tradeoffs we faced

    To understand why the grid held, re‑enter the room where the whitepaper met campus operations. Four constraints are inescapable when you’re building for institutions in 1997–2003: hardware/software reality, identity and compliance risk, procurement cadence, and staffing patterns.

    Hardware and software reality

    • Server choices were bounded: Solaris or Windows servers were prevalent; Linux was present but unevenly supported by central IT in many institutions.
    • Databases came with enterprise support contracts: Oracle or SQL Server. MySQL existed, but few campuses would standardize production academic systems on it then.
    • Storage was finite and expensive. That pushed binary content to the file system and encouraged quotas and archiving policies.

    These constraints drove practical separation of concerns. A relational database for state. File systems for blobs. Limited, careful use of caching to fit into available memory. The app was monolithic because process supervision, deployment tooling, and operations skills were oriented around maintaining a few big services, not dozens of small ones.

    Identity and compliance risk

    FERPA governed student data. Campuses owned identity and access control through their directories and policies. The whitepaper described authentication via LDAP/Kerberos, authorization inside the application, and audit logs sufficient for reviews. Multi‑tenancy would have raised questions many buyers in 1999 were unprepared to answer. So single tenancy, with institution‑scoped administrators and logs, became the sane call.

    Lesson — Decide your tenancy model deliberately and prove its security and isolation in technical terms.

    Multi-tenancy in the late 1990s would have introduced compliance questions about student data that many institutions were not equipped to answer. If you offer a multi-tenant solution, you must make its isolation, backup, and incident response concrete, not just marketing claims. For us, single tenancy with institution-scoped administrators and logs became the sensible decision because it matched the risk posture of the time.

    Procurement and cadence

    Budget cycles funded perpetual licenses with annual maintenance. Releases had to match academic calendars. Institutions booked change windows between terms. The whitepaper, by describing deployment posture and upgrade steps, made the case that we understood their cadence. In return, campuses accepted that innovation arrived on semester boundaries, not weekly.

    Staffing patterns

    There were not squads of SREs and product engineers on campus. There were a few skilled sysadmins, an LMS administrator or two, and faculty support staff. Simplicity at deploy time and predictability in operations beat cleverness. Our team designed to that reality — and so did our competitors.

    None of this excuses the rigidity that followed; it explains why it had purchase. The category absorbed the tradeoffs and scaled around them.

    The seams that helped and hardened

    When you cannot change your core every month, you create seams where change can happen more often. We considered extensibility not as flourish but as operational necessity.

    Building Blocks as an ecosystem seam

    By the early 2000s, Blackboard formalized an extension model: Building Blocks. The premise was practical. Keep the core stable for administrators, and let institutions and vendors add tools — content types, assessments, integrations — through a packaged interface. It fostered an ecosystem. Toolmakers could ship innovation on their schedule; campuses could adopt without forking.

    Lesson — Treat your extension system as a governed contract with clear lifecycle policies.

    A plugin system represents a policy commitment as much as an API, demanding clear versioning, review processes, deprecation paths, and economic incentives. The Building Blocks seam delivered on its promise, allowing innovation to occur on a separate schedule from core updates. It also hardened the core assumptions, as plugins were designed to attach to a course and honor the existing role model, pushing developers to work around the architecture for different experiences.

    The seam delivered what it promised. It also hardened the core assumptions. A plugin attached to a course, honored the role model, and lived within the request/response cycle the core defined. If you wanted real‑time events, you worked around them. If you wanted cross‑course or cross‑institution experiences, you pushed against the grain.

    Standards as stability engines

    Content standards like SCORM (ubiquitous by the mid‑2000s) meant learning objects could move between systems. IMS specifications advanced identity, outcomes, and tool launches. LTI, as it matured in the 2010s, shifted integrations from file exchange to live launches. Yet even as standards improved the seams, they often preserved — and thereby prolonged — the core shape: course‑scoped, LMS‑as‑hub, batch friendly.

    Hosting shifts without tenancy shifts

    Managed hosting arrived before true SaaS. Institutions outsourced hardware and upgrades to vendors, but retained their single‑tenant instances and governance. The appearance of cloud did not immediately revise the model. It changed who patched servers and how quickly hotfixes landed. It did not change what the core was.

    Seams are instruments. They expand capacity for change; they also define its range. Ours did both.

    The midpoint pivot: when the grid bent

    There was a moment when the category’s street grid bent rather than broke. Between 2009 and 2012, Instructure’s Canvas entered with a multi‑tenant SaaS model, rapid release cadence, and an integration posture that assumed LTI and open APIs. Mobile adoption accelerated. Campuses began to accept — and demand — hosted service models that previously would have stalled at the procurement desk. The avenues widened. The blocks did not change shape.

    The result was telling. Institutions that moved to SaaS LMSs gained speed of updates and a cleaner integration surface. But the fundamental data model — course containers, semester boundaries, role permissions — remained. Analytics grew up around exports and later around APIs, not event streams deeply native to the core. Cross‑institution network effects emerged in tool ecosystems, not in the LMS tenancy itself. The grid, drawn in 1998, flexed.

    This is the lesson in durability. Early documents do not just describe systems; they declare priorities, fence risks, and set defaults. The defaults become culture — in companies, in procurement, in how teams are staffed. You can resurface streets. You keep driving on the same grid.

    The deeper system effects

    The whitepaper’s shape had second‑order consequences beyond software.

    Budget structures followed the model

    Perpetual licenses plus maintenance mapped neatly onto single‑tenant deployments and institution‑scoped admins. Even as vendors introduced subscription pricing, the mental model of “our instance, our uptime, our change windows” persisted in contract terms and service expectations. When releases moved faster, campuses adapted by gating feature flags locally, keeping the logic of local control intact.

    Governance formed around course containers

    Curriculum committees made tool decisions course by course. Permissions reflected faculty authority inside a course. Cross‑department collaboration required negotiated exceptions. When your core object is the course, your governance gravitates to course‑level control debates.

    ### Lesson — Recognize that your architecture reshapes customer habits, budgets, and governance structures.

    The perpetual license with a maintenance fee mapped neatly onto the expectation of local control over change windows. Governance naturally formed around the course container, with curriculum committees debating tool availability on a course-by-course basis. An architecture’s influence extends beyond code to shape the non-technical systems around it.

    Labor markets specialized to the cadence

    A generation of LMS administrators, instructional designers, and IT support professionals built careers around the release and support rhythms implied by the architecture. Tools, certifications, and consulting offerings mirrored the stack. These are gains — a professionalized field — that also reinforce the base model.

    Ecosystem incentives localize

    Vendors built integrations to course‑scoped launches and outcomes. Startups tuned their go‑to‑market to campus‑by‑campus adoption cycles. Even where network effects existed (for example, content marketplaces), they were mediated by course enrollment and LMS roles.

    > Software is only part of the system.

    When you add these layers to the application’s shape, you see why a category stays stable. Software is only part of the system.

    What aged well and what did not

    With the benefit of twenty‑plus years, it is fair to rate the early calls.

    Aged well:

    • Role‑based access control tied to course context. It matched faculty authority and student privacy needs.
    • Storage split. Keeping binary content on filesystems and structured data in relational stores fit operations and backup practices; the abstraction held until object storage matured.
    • Extensibility seams. Building Blocks and later standards enabled an ecosystem that outlived any single vendor’s roadmap.

    Aged poorly or constrained growth:

    • Course‑first data model. It made cross‑program, competency‑based, and lifelong‑learner experiences awkward because person‑centric models had to be layered on after the fact.
    • Batch integrations. They limited real‑time analytics, early alert systems, and adaptive experiences that rely on streams of events.
    • Single tenancy as default. It slowed global improvements, complicated cross‑institution research on learning data, and kept release cycles pinned to academic calendars longer than necessary.

    These are correctable — and they have been corrected in part — but the time constant is long because institutions and vendors optimized around the original lines.

    A brief systems history of the LMS grid

    The path from 1997 to the mid‑2010s follows a familiar category‑formation arc: experimentation, fragmentation, standards, commercialization, consolidation, professionalization.

    • 1997–2001, experimentation: Early platforms like Blackboard and WebCT establish the course-first, single-tenant model in parallel. Institutions run pilots and adapt servers and directories to support them.
    • 2002–2008, standards and commercialization: SCORM becomes de facto for content portability; IMS expands; Blackboard IPOs in 2004 and acquires WebCT in 2006; markets scale on campus procurement rhythms.
    • 2009–2014, SaaS pressure and ecosystem growth: Instructure launches Canvas as multi‑tenant SaaS; LTI adoption increases; mobile clients arrive; managed hosting decreases ops burden but keeps tenancy assumptions.
    • 2015 onward, professionalization and analytics: LMS administration is a career path; ecosystems of third‑party tools scale; analytics improve via APIs and exports; the core data model gradually loosens but persists.

    A category matures when standards and labor markets settle around an architecture. Changing the code is easier than changing the contracts and expectations that architecture set in motion.

    What I’d do differently

    Architecture outlives companies because it rewrites habits and contracts. If I were issuing the first whitepaper for an education platform now — or advising a team that is — here is the additive path I would take while honoring institutional realities.

    • Start with a person‑first core and a course projection. Put the durable facts about a learner/educator at the center. Make courses and cohorts powerful views with their own governance, not the base layer.
    • Write the tenancy plan as a living appendix. If you must begin single‑tenant, publish the migration harness to multi‑tenant as a deliverable. If you begin multi‑tenant, prove isolation and control in technical detail institutions can take to counsel.
    • Make events and state co‑equal citizens. Use an append‑only event stream with clear schemas alongside your stateful stores. Document SLAs for delivery and retention so analytics, alerts, and adaptivity can be native.
    • Elevate identity standards to first order. Ship SAML/OIDC/OAuth2 done right. Support guest and cross‑org roles cleanly. Map roles to capabilities explicitly to reduce policy drift.
    • Keep the core small; move fast at the edges. Ship a lean, reliable kernel. Put most new features into plugins with lifecycle governance. Fund the ecosystem — grants, revenue share, documented deprecation — so partners can invest.
    • Make content addressable with rich metadata. Object storage, immutable IDs, and content services make reuse and licensing sane and analytics truthful.
    • Build the exit before the entrance. Ship export/import tooling with versioned schemas. Publish data dictionaries. Run real migrations early with pilot customers and publish the results.

    The street grid metaphor deserves one last use. You can lay avenues wide enough for the vehicles you have never seen. You can orient streets toward the sun so future buildings get light. You can leave rights‑of‑way for rails you do not yet need. That is what a good first whitepaper does. It accepts the city you have and makes a plan for the one that will grow, without locking the next generation into your blocks.

    Architectures teach markets how to behave. Write yours with the humility that others will live in it.

    Share

    Preview LinkedIn copy
    A Sun server in a campus rack. A dean with a printed PDF. A procurement officer asking about Oracle and LDAP. That was the operational setting when we circulated Blackboard’s first architecture whitepaper in the late 1990s.
    
    The document did something simple and durable: it put “course” at the center of the data model, anchored identity in campus directories, separated files on disk from grades and rosters in a relational database, and assumed single-tenant deployments run by each institution. Those were not theoretical calls; they were the only choices buyers would support under FERPA and the hardware/software they already ran.
    
    Those choices set the LMS street grid. For two decades, most of the category—Blackboard (NASDAQ: BBBB, IPO 2004), WebCT (acquired 2006), D2L, Sakai, Moodle—followed the same map: course containers, semester calendars, batch jobs, and on-prem or hosted single-tenant topologies. Even when we added extensibility (Blackboard Building Blocks in the early 2000s) and standards matured (SCORM, then IMS and later LTI), the core remained course-first and institution-scoped.
    
    When multi-tenant SaaS and mobile arrived, Canvas proved a different go-to-market was possible. But the grid we drew still shaped budgets, contracts, org charts, and integrations across higher ed.
    
    Three practical lessons for today’s platform builders:
    - Choose a data model you can evolve. Make “people, content, events” modular from day one.
    - Design seams with incentives. Your plugin model should reward maintainers and keep the core small.
    - Treat identity and events as first-class. Federate auth cleanly and publish real-time streams.
    
    Architecture is governance. Write your whitepapers like bylaws—they will outlive your company. If you’re defining a new category or replatforming an old one, I’m happy to compare notes.
    
    #EdTech #Architecture #LMS #PlatformStrategy