CIA Volunteer Management System – IT Access Information

CIA Volunteer Management System

Nextcloud requirements

 

Volunteer management system

 

As an IT/service engineer, you may be asking what a volunteer management system (VMS) is. As part of its mandate, the Canadian Institute of Actuaries (CIA) manages and supports dozens of volunteer groups involved in many aspects of actuarial science.

The system we use to manage these groups and individuals is Nextcloud. The clustered Nextcloud services are hosted entirely in a private cloud at CIA's headquarters in Ottawa, Canada.

 

 

Components of the VMS platform

  • All components are sub-domains of cia-ica.ca, so whitelisting our main domain is the easiest way to allow access.
  • The URLs that are expected to be used are:
    • vms.cia-ica.ca
    • vmsoffice.cia-ica.ca
    • talk.cia-ica.ca
    • turn.cia-ica.ca
    • stun.nextcloud.com:443
  • The IPs these services run from are all in the following subnet:

38.135.128.65/26

URL to IP Table

The table below maps each URL to its public IP and expected ports.

 

| URL | Public IP | Expected Ports | Notes |
|---|---|---|---|
| vms.cia-ica.ca | 38.135.128.100 | HTTPS | |
| vmsoffice.cia-ica.ca | 38.135.128.105 | HTTPS | |
| talk.cia-ica.ca | 38.135.128.103 | HTTPS, 3478(TCP&UDP) | This is used for video conference call |
| turn.cia-ica.ca | 38.135.128.104 | HTTPS | Used to help create P2P connection between user and TALK server. All connections are P2P encrypted. |
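
One way to sanity-check the table above before entering it into a firewall, as an added example that is not part of the original article: it normalises the published subnet (written with host bits set, which strict CIDR parsers reject), confirms every listed IP falls inside it, and expands the port column into per-protocol rules. The helper names are hypothetical and mapping "HTTPS" to TCP 443 is an assumption; stun.nextcloud.com is not in the table and is not covered.

```python
import ipaddress
import re

# Values copied from the article; helper names below are hypothetical.
PUBLISHED_SUBNET = "38.135.128.65/26"
TABLE = [
    ("vms.cia-ica.ca", "38.135.128.100", "HTTPS"),
    ("vmsoffice.cia-ica.ca", "38.135.128.105", "HTTPS"),
    ("talk.cia-ica.ca", "38.135.128.103", "HTTPS, 3478(TCP&UDP)"),
    ("turn.cia-ica.ca", "38.135.128.104", "HTTPS"),
]


def normalized_subnet(cidr=PUBLISHED_SUBNET):
    """Return the network that contains the published address."""
    # strict=False masks off the host bits; strict parsing raises ValueError.
    return ipaddress.ip_network(cidr, strict=False)


def expand_ports(spec):
    """Turn 'HTTPS, 3478(TCP&UDP)' into a list of (proto, port) pairs."""
    rules = []
    for item in (s.strip() for s in spec.split(",")):
        if item.upper() == "HTTPS":
            rules.append(("tcp", 443))  # assumption: default HTTPS port
            continue
        m = re.fullmatch(r"(\d+)\(([A-Za-z&]+)\)", item)
        if not m:
            raise ValueError(f"unrecognised port spec: {item!r}")
        port = int(m.group(1))
        rules += [(p.lower(), port) for p in m.group(2).split("&")]
    return rules


def build_allowlist(table=TABLE):
    """Return (host, ip, proto, port) rules; reject IPs outside the subnet."""
    net = normalized_subnet()
    rules = []
    for host, ip, spec in table:
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{host} ({ip}) is outside {net}")
        rules += [(host, ip, proto, port) for proto, port in expand_ports(spec)]
    return rules


if __name__ == "__main__":
    for rule in build_allowlist():
        print("allow outbound %s %s %s/%d" % rule)
```
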

 

How the Talk/TURN servers work is described below (copied from Nextcloud’s help section):

 

 

  • As long as it shall be used only within one local network, nothing should be needed at all. Just verify that all browsers support the underlying WebRTC protocol (all famous ones do on current versions), and you should be good to go.
  • Talk tries to establish a direct peer-to-peer (P2P) connection, thus on connections throughout the local network (behind a NAT/router), clients do not only need to know each other’s public IP, but their local IP as well. Processing this is the job of a STUN server. As there is one preconfigured for Nextcloud Talk, still nothing needs to be done.
  • In some cases, e.g., in combination with firewalls or symmetric NAT, a STUN server will not work as well, and then a so-called TURN server is needed. Now no direct P2P connection is established, but all traffic is relayed through the TURN server, thus additional (at least internal) traffic and resources are needed.
  • Nextcloud Talk will try direct P2P in the first place, use STUN if needed and TURN as last resort fallback. Thus, to be most flexible and guarantee functionality of your Nextcloud Talk instance in all possible connection cases, you must properly set up a TURN server.

 
