You can access the Security Information tab in the e-assessment system. It covers the key security features used during the administration of the assessment.
Security and rate limiting
Current rate-limiting is set to support approximately 250 concurrent students from a single IP address actively completing the assessment. This should allow schools to continue routing all of their traffic through a single IP. More specifically, the firewall will flag and limit IP addresses that make more than 30,000 requests within any 5-minute block of time. If your Board has transitioned to SD-WAN, this rate-limiting may or may not be applicable depending on the specific number of students that is assigned to each IP address in your system configuration.
In order to support you in the event of a system alert indicating that one of your IP addresses is exceeding the rate threshold that is set, we ask that Boards provide a list of known IP addresses for which issues might be anticipated (or a full list just in case) to info@eqao.com for coordination. If your Board uses dynamic IP addresses, the range can be provided so that it is kept on record. If we detect an event that involves any known IP address, our support team will be in touch with the Board IT Contact to inform them. This will also allow our support team to provide your Board with support should an attack originate from within your Board.
Transitioning to SD-WAN
We will be coordinating a solution that ensures the integrity of the system’s security protocols for school boards that are still transitioning to SD-WAN. If you are in this situation, e-mail eqao-support@vretta.com.
Firewall’s domain-allowed list
The following addresses are used by the assessment site and need to be allowed to run on the assessment devices at all school boards and schools. Please add these addresses to the firewall’s domain-allowed list:
- stripe.com
- vretta.com
- *.stripe.com
- *.vretta.com
- cdnjs.cloudflare.com
- cdn.rawgit.com
- d3azfb2wuqle4e.cloudfront.net
- d3f6c695rnoy7r.cloudfront.net
- d3c1mbjtikq6ue.cloudfront.net
- fonts.googleapis.com
- fonts.gstatic.com
- maxcdn.bootstrapcdn.com
- mnomt58qw8.execute-api.ca-central-1.amazonaws.com
- mqvurtmevc.execute-api.ca-central-1.amazonaws.com
- s3.ca-central-1.amazonaws.com
Safe sender list
Please ensure that this e-mail address is on your school board’s safe sender list: no-reply@eqao.vretta.com. It will be used to send account invitations to school administrators and teachers.
Here are some questions you may want to ask technical staff handling setup at the schools:
- If you have a firewall, have you added the listed domains to the allowed lists?
- Does your school have a firewall that protects data in computer labs and other devices on the network?
- Does your school have a firewall that protects the network?