Varma & Varma — Technology Handbook

⏱️ Recently Viewed Clear

📑 Table of Contents ✕

Technology Handbook

Your complete guide to Varma & Varma's self-hosted technology stack — covering every tool, access policy, and workflow procedure for daily practice.

—

Live Apps

—

Coming Soon

8yr

Data Retention

SSO

Single Sign-On

Where to Begin

All firm applications are accessible via a single login at auth.varma.ai. Authenticate once and access every tool you are authorized to use — no separate passwords required.

Create your account — Visit auth.varma.ai and sign up. Your account will be linked to your user group by the IT team.

Enable MFA — Set up multi-factor authentication in Authentik immediately. This protects all downstream applications simultaneously.

Install Bitwarden — Add the Bitwarden browser extension and set the server URL to https://vault.varma.ai. Store all credentials here.

Explore your tools — Browse the Application sections in this handbook to understand what each tool does and when to use it.

Raise issues via the IT helpdesk — Any technical difficulty or access problem should be logged at tickets.varma.ai or emailed to tech@varmaandvarma.com.

Technology at a Glance

📊

Audit & Analytics

DataSense, GST extractor, sampling tools, and compliance checks built for CA workflows.

🤖

Knowledge & AI

Private LLM interface, team knowledge base, transcription, and firm-wide LMS.

📄

Document Tools

OCR-based document management, PDF toolkit, and AI-powered document conversion.

🛡️

Security Policies

Data classification, retention schedules, incident response, and compliance frameworks.

ℹ️

All applications run on private firm infrastructure under *.varma.ai domains. No client data is transmitted to public cloud services unless explicitly noted (Azure OpenAI models are opt-in).

Infrastructure Overview

Architecture, network topology, and core components

Architecture

The firm operates a containerized, self-hosted infrastructure using Docker and Traefik reverse proxy. Every application runs on dedicated private servers with the following guarantees:

SSL/TLS: Automated Let's Encrypt certificates for all *.varma.ai domains
Authentication: Centralized SSO via Authentik — one login for all apps
Monitoring: Real-time health checks and uptime alerts
Backups: Automated daily backups with 8-year retention

Network Flow

Internet │ ▼ Traefik (Reverse Proxy) ←── Let's Encrypt (SSL/TLS) │ ▼ Authentik (SSO Gateway) │ ▼ ┌───────────────────────────────────────┐ │ Docker Isolated Network │ │ │ │ datasense │ llm │ docs │ ... │ └───────────────────────────────────────┘

Core Infrastructure Components

Component	Domain	Purpose	Access
Traefik	`100.84.7.54:8080` (Tailscale)	Reverse proxy & SSL management	Admin
Authentik	`auth.varma.ai`	Single Sign-On identity provider	Admin
Portainer	`portainer.varma.ai`	Container management	Admin
Dozzle	`logs.varma.ai`	Real-time log viewer	Admin
Watchtower	—	Automatic container updates	Admin

💡

Infrastructure components are managed exclusively by the IT team. If you encounter a service outage, check status.varma.ai before raising a ticket.

SSO, user groups, password policy, and MFA

Single Sign-On (SSO)

All applications are protected by Authentik SSO. Authenticate once at auth.varma.ai and access every authorized tool seamlessly — no repeated logins.

⚠️

Do not share your Authentik credentials with anyone — including colleagues. Each staff member must maintain an individual account. Sharing credentials is a policy violation.

User Groups & Access

Group	Members	Access Level
Partners	All Partners	Full access to all applications
Managers	Assistant, Deputy, Senior Managers	Full access except admin tools
Qualified Assistants	Newly qualified CAs	Full access except admin tools
Semi-Qualified Assistants	Articleship completed trainees	Standard access
Articled Assistants	Current trainees	Standard access
Interns	B.Com, MBA, BBA students	Limited access
Administrative Staff	Support staff	Business applications only
Authentik Admins	IT Team	Full administrative access

Access Symbols Used in This Handbook

Symbol	Meaning
🔓 All Users	Accessible to every staff member
🔐 Restricted	Requires specific group membership
🔒 Admin Only	IT Team only
✅ Live	Application is deployed and active
🚧 Coming Soon	Under development

Password Policy

Minimum 12 characters
Must include uppercase, lowercase, numbers, and special characters
Password rotation recommended every 90 days
MFA strongly recommended — configure via Authentik settings

Test Your Password Strength

Start typing to evaluate your password.

Audit & Analytics

In-house tools built for CA audit, compliance, and data workflows

Quick Number Tools

Inline utilities for common CA number tasks — no context switching required.

Indian Number Formatter

GSTIN Validator

Knowledge & AI

Private AI assistant and LMS

💡

Privacy note: All queries on the Open WebUI remain within firm infrastructure. Only queries routed to Azure OpenAI models leave the private network. Local Ollama models are available for sensitive client matters.

Document Tools

PDF manipulation and document utilities

Business Applications

Time tracking and password management

Time Tracking Workflow

Start timer on Kimai when beginning fieldwork, review, or reporting for an engagement.

Categorize by activity type: Fieldwork / Review / Reporting / Tax / Advisory.

Stop timer when switching tasks. Avoid bulk end-of-day entries for accuracy.

Submit weekly timesheet for manager approval by Friday COB.

Export month-end report for partner review and billing generation.

Development & Utilities

Analytics, design system, and internal tools

Monitoring & Search

Private search and uptime monitoring

Data Security & Compliance

Classification, retention, protocols, and incident response

Data Classification

Class	Examples	Handling
Public	Firm announcements, public profile	No restrictions
Internal	Firm policies, SOPs, training materials	Staff-only access
Confidential	Client engagement data, audit evidence, financials	Need-to-know; encrypted
Restricted	Passwords, encryption keys, personal data	Vaultwarden only; no email

Data Retention Schedule

Record Type	Retention Period	Legal Basis
Audit working papers	8 years from completion	ICAI / Companies Act 2013
Client correspondence	8 years from last communication	ICAI Code of Ethics
Tax records	8 years from assessment year	Income Tax Act 1961 §54
Financial statements	8 years from FY end	Companies Act §128
Application logs	90 days (admin only)	IT Policy

Backup & Disaster Recovery

Parameter	Specification
Backup schedule	Daily incremental; weekly full
Backup encryption	AES-256, offsite encrypted storage
Retention	8 years
RTO (Recovery Time)	24 hours for critical systems
RPO (Recovery Point)	24 hours (last daily backup)

Compliance Frameworks

The firm's infrastructure aligns with: Chartered Accountants Act 1949 (data security obligations), Information Technology Act 2000, Companies Act 2013 §128 & §143, ICAI Code of Ethics, and GDPR principles where applicable.

Incident Response Procedure

🚨

If you suspect a security incident — unauthorized access, data breach, or credential compromise — follow the steps below immediately.

Change your password immediately at auth.varma.ai.

Raise a CRITICAL priority ticket at tickets.varma.ai or email tech@varmaandvarma.com with all available details — timestamps, error messages, affected systems.

Do not delete or modify any evidence — logs, emails, or files related to the incident.

IT team will acknowledge within 24 hours and issue remediation instructions.

Follow IT instructions precisely. Do not attempt independent remediation.

Support & Troubleshooting

How to get help and resolve common issues

Primary Support Channel

All IT issues must be logged via the IT helpdesk. This ensures issues are tracked, prioritized, and resolved with an audit trail.

Channel	Detail
Web portal	tickets.varma.ai
Email	tech@varmaandvarma.com
Critical SLA	24 hours (system down, data loss, security)
Non-critical SLA	72 hours (minor bugs, queries, feature requests)

Common Issues & Solutions

🔐 Cannot log in to applications ▾

1. Verify you are using correct Authentik credentials.
2. Clear browser cache and cookies.
3. Try incognito / private browsing mode.
4. Confirm Authentik is accessible at auth.varma.ai.
5. Contact IT via tickets.varma.ai or email tech@varmaandvarma.com for a password reset.

📁 File upload failures ▾

1. Check file size — some applications enforce a size limit.
2. Verify file format is supported (see Quick Reference → File Formats).
3. Try Chrome or Edge (chromium based browsers are recommended for troubleshooting).
4. Check your network connectivity.
5. If the issue persists, raise a ticket at tickets.varma.ai with an error screenshot.

🐢 Applications loading slowly ▾

1. Check internet connection speed.
2. Close unnecessary browser tabs.
3. Clear browser cache.
4. Try a different browser.
5. Check status.varma.ai for service status.

🔍 Cannot find previously uploaded data ▾

1. Confirm you are logged in to the correct account.
2. Check if your session has expired — some applications require an active sign-in for cloud saves.
3. Ensure data was explicitly saved (look for auto-save indicator).
4. Contact IT via tickets.varma.ai if data appears permanently lost.

Best Practices

💡

Use Chrome 90+ or Edge 90+ for all firm applications. Disable ad blockers on *.varma.ai if you encounter loading issues. Keep the browser updated.

Quick Reference

Application URLs, file formats, and browser compatibility

All Applications

Application	URL	Purpose	Access
Loading…

File Format Support

Application	Supported Input Formats
Sales Register	XLSX, XLS, CSV
CorpCheck	XLSX, XLS, CSV (bulk check) · Name / CIN search (lookup)
GSTR Returns	JSON, PDF
Challans	PDF
Apache Tika	1000+ formats: PDF, DOCX, PPTX, XLSX, images, audio, video, archives
VouchPaper	PDF (source) · PNG, JPG (output)
MD2DOCX	Markdown .md (input) · DOCX (output)
Data Analytics	CSV, XLSX, JSON, Parquet

Financial Year Calculator

Enter any date to instantly get its Financial Year, quarter, Assessment Year, and days to year-end.

Browser Compatibility

Browser	Status
Google Chrome 90+	✅ Recommended
Microsoft Edge 90+	✅ Recommended
Mozilla Firefox 88+	✅ Recommended
Safari	⚠️ Limited testing — use at own risk
Internet Explorer	❌ Not supported