How to Keep Your Data Secure Behind a Firewall and Still Enjoy SaaS
Load testing in the cloud provides many advantages. These include unprecedented scalability and flexibility, as well as advanced reporting and analytics utilizing big data technologies. Working with a SaaS solution also provides the luxury of always working with the most up-to-date product, seamlessly. However, some organizations are reluctant, or unauthorized, to expose sensitive data to the cloud, even when it’s secured and encrypted.
After listening to our clients, who were looking to adopt our SaaS solution but had to maintain their data on-premise, we created an innovative hybrid solution that provides the best of both worlds.
On the one hand, the technology we created keeps sensitive information, such as text originating from a test script, on the private network, visible only within the firewall. On the other hand, data processing and all other aspects of the software reside in the cloud, where anonymized statistical data is stored.
By adopting this technology, data-sensitive organizations can now leverage the benefits of SaaS and the cloud without having their sensitive data leave their private network.
How Does it Work?
Before the Load Test
All files are stored on a private storage system, located on the customer’s network (on-premise). These include test scenarios and scripts as well as any auxiliary files that are uploaded with the scripts. All tested URLs, API endpoints, command names and arguments (in short, all data that is classified as sensitive) are stored on-premise.
A relatively lean piece of software, the BlazeMeter (on prem) App, is preinstalled on the private network. This is done by a shell script that queries users about their BlazeMeter account details and also their specific environment details such as internal addresses and connection configurations to the internal storage. Then, the script creates two Docker containers that will act as their internal organizational web server.
Running the Load Test
Now, the user opens a browser and accesses the BlazeMeter app, which is installed on the enterprise network and acts as a smart proxy between the user and the cloud-based BlazeMeter SaaS platform. The user clicks on “Create Test” and receives the BlazeMeter Cloud app page (from the other side of the firewall). The user then uploads a test script (a JMX, YAML or similar file). As mentioned above, the file is uploaded to a private storage system (inside the corporate network).
The user then configures the test and adds relevant test data. The test data is sent to the Docker gateway container, where the sensitive parts are stored on the customer’s private storage. Then, the anonymized test configuration is sent to the BlazeMeter Cloud. No sensitive information crosses the firewall.
When viewing the test, the BlazeMeter app retrieves the anonymized test configuration from the BlazeMeter Cloud platform, enriches it with the relevant data fetched from private storage and presents the user with a familiar picture. This picture was built from data that comes from the Cloud (anonymized part) and from the private storage (sensitive parts).
The test is now ready to be executed! Once the user clicks the ‘Run’ button, the load generator can run the test on the website, app or service to be tested inside the enterprise network. BlazeMeter’s Load Generator software is launched in a Docker container (or multiple containers, per user configuration), which starts by retrieving the anonymized test configuration from the BlazeMeter Cloud.
Then, the BlazeMeter app gateway container decodes the startup script and adds to it the sensitive data parts stored on private storage (data such as credentials and endpoints, which was never sent to the cloud). The modified script is now ready, and the Load Generator executes the test.
Getting Load Test Reports
The output test data is submitted to the BlazeMeter gateway container, where it is anonymized and sensitive parts are saved in the private storage. Finally, the anonymized data is sent to the BlazeMeter Cloud for analysis and processing. A user who looks at the BlazeMeter app from the cloud would only see anonymized (somewhat meaningless) statistics, without any sensitive information.
Now, the heavy lifting occurs. BlazeMeter’s “brain” performs aggregations, manipulation and advanced logic, which creates multiple sophisticated reports with advanced analyses. These are all based on anonymized data, which makes no sense without the extra information stored on private storage.
Finally, the anonymized reports pass through the BlazeMeter gateway container, where they are combined with sensitive data (fetched from local storage), enabling the user to view the real test results.
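The split-and-recombine flow described above, for both the test configuration and the returned reports, as an added example that is not BlazeMeter's code. The `Gateway` class, the list of sensitive key names and the keyed-token scheme are assumptions made for illustration; the article does not say how anonymization is implemented.

```python
import hashlib
import hmac
import secrets

# Assumption: the page names URLs, endpoints, arguments and credentials as
# sensitive but gives no schema, so these key names are hypothetical.
SENSITIVE_KEYS = {"url", "endpoint", "arguments", "username", "password"}

# Hypothetical stand-in for the on-prem gateway container.
class Gateway:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # stays on the private network
        self.private_store = {}              # stand-in for private storage

    def _token(self, value):
        # Keyed and deterministic: equal values share a token, so the cloud
        # can aggregate per endpoint but cannot confirm a guessed value.
        mac = hmac.new(self._key, repr(value).encode(), hashlib.sha256)
        return "tok_" + mac.hexdigest()[:24]

    def anonymize(self, node, key=None):
        if key in SENSITIVE_KEYS:  # store locally, send only the token
            token = self._token(node)
            self.private_store[token] = node
            return token
        if isinstance(node, dict):
            return {k: self.anonymize(v, k) for k, v in node.items()}
        if isinstance(node, list):
            return [self.anonymize(v) for v in node]
        return node

    def enrich(self, node):
        # Swap tokens back for stored values in data returned by the cloud.
        if isinstance(node, dict):
            return {k: self.enrich(v) for k, v in node.items()}
        if isinstance(node, list):
            return [self.enrich(v) for v in node]
        return self.private_store.get(node, node) if isinstance(node, str) else node

def demo():
    gw = Gateway()
    config = {  # constructed sample, not a real BlazeMeter test definition
        "name": "checkout-load", "concurrency": 50,
        "requests": [{"url": "https://pay.corp.internal/charge", "method": "POST"}],
        "auth": {"username": "svc-load", "password": "example-only"},
    }
    to_cloud = gw.anonymize(config)
    report = [{"label": to_cloud["requests"][0]["url"], "avg_ms": 212}]
    return config, to_cloud, gw.enrich(to_cloud), gw.enrich(report)
```

A sensitive value stored under a key that is not on the list would cross the firewall unchanged, so in a design like this the classification list is the control to review first.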
[Screenshots: what the data looks like on-premise, and what the data looks like on the BlazeMeter Cloud app]
With this innovative solution, our clients don’t need to provide any infrastructure, except a machine with Docker installed on it. The script we provide takes care of everything else. New BlazeMeter App Cloud features do not require any Docker upgrades, and installation is quick. The only times users need to upgrade, which are rare, are upon bug fixes specific to their on-prem version. Upgrades take place automatically, as part of our release cycles - without any human intervention required. Therefore, there is no need to maintain the environment - just like in SaaS.
Here are some tips for developing a solution for a huge problem like this:
- Start small, and check if your idea is feasible on a small scale. Don’t start with bringing an entire product.
- Keep going back to the customer’s problem and make sure you are answering their needs, before advancing with the code.
- Divide the task into smaller tasks, and then into even smaller tasks. Set milestones according to different fields, for example: changes in the API, changes in the GUI, the required environment, etc.
If you can’t stand the heat… take your time getting used to it. But stay in the kitchen.
To learn more about how BlazeMeter’s Private Cloud fits your needs, request a demo here.