Secure Cloud Tunnels
Overview
Most likely the pre-production environments (Dev/Integration, QA/Test/Staging, etc.) where the application(s) under test (AUTs) are deployed are NOT publicly accessible and are only accessible within your company’s firewalls or only via secure VPN type access.
The automated functional and cross-browser/device tests that you build and maintain within Worksoft SaaS, during execution, need a “secure” and “reliable” mechanism to access your AUTs deployed within your “behind-your-firewall” environments.
Worksoft SaaS offers several options to its customers to achieve this goal:
· If you have an existing subscription with an external Selenium cloud platform/provider like Sauce Labs or BrowserStack (in addition to the your subscription for Worksoft SaaS), Worksoft SaaS can be configured to use the secure tunneling solutions that these external cloud platforms offer (BrowserStack Local Testing tunneling solution or Sauce Labs Sauce Connect tunneling solution). If you intend to use your BrowserStack account to get your automated tests in Worksoft SaaS to execute, then you can skip the rest of the document and use the instructions here to configure the Local Testing tunnel.
· If you do NOT have a subscription with an external Selenium Cloud Platform/Provider like Sauce Labs or BrowserStack (most likely you fall into this category), Worksoft SaaS offers as part of its subscription, infrastructure (its called ‘Worksoft SaaS Cloud’) where your tests run securely. Internally Worksoft SaaS Cloud uses secure infrastructure from Sauce Labs. In this context, if your AUTs are behind firewalls, you have to install and configure Sauce Labs’ Sauce Connect Solution for Worksoft SaaS tests under execution to access your application(s).
This article provides you detailed information about Sauce Connect secure tunneling solution and how to install and configure it on your end and how to let your Worksoft SaaS subscription use those secure tunnels once installed/configured on your end.
Sauce Connect
Sauce Connect as mentioned above is an extremely secure, easy to install/maintain, reliable and widely used/recognized tunneling solution.
More information about Sauce Connect can be found at: https://docs.saucelabs.com/secure-connections
Here are some useful articles about Sauce Connect that we strongly recommend you read through if you want to learn more about Sauce Connect, how it works, and why it is extremely secure:
Topic | Hyperlink |
---|---|
How is Sauce Connect Secured? | Click here |
Tunnel Start Up Set Up Process – What exactly happens when you start a tunnel? | Click here |
Tunnel Tear Down Process – What exactly happens when you shut down a tunnel? | Click here |
Hardware Requirements to install Sauce Connect | Click here |
Installing and Configuring Sauce Connect – Steps to follow | Click here |
FAQs | Click here |
Overview of Sauce labs Security Processes – A Whitepaper | Click here |
During startup, Sauce Connect creates outbound connections to saucelabs.com on port 443 and the tunnel connection is established to a XXXXX.miso.saucelabs.com address on port 443, and all traffic between Sauce Labs and Sauce Connect is then multiplexed over this single encrypted TLS connection.
Sauce Connect and Worksoft SaaS
Your Worksoft SaaS domain offers you an "authentication key" that has to be used to configure the Sauce Connect tunneling solution installed on your infrastructure.
Only people within your company that have access to your eueQa domain have knowledge of this authentication key (which BTW is stored in an encrypted form in the Worksoft SaaS database that is hosted an extremely secure Tier-1 Data Center).
When you trigger the automated test executions on Worksoft SaaS, Worksoft SaaS first initiates the launching of a new/fresh virtual machine on the Sauce Cloud upon which your automated (SeleniumWebdriver) test executes. The web browser (or device simulator or a real device) that is used to run the test is then initialised on this VM. Worksoft SaaS then passes the "authentication key" to this VM and tells it to use the specific tunnel running on your infrastructure to the application behind your firewalls within your network. This allows for the two way communication between this specific VM (and ONLY this specific VM) and your network.
Once the test completes, the VM is destroyed and the memory flushed out. There is no trace of any code or process left behind on Worksoft SaaS Sauce Cloud, so there is no way for anyone to use the secure tunnel to access your network. Since the secure tunnel is between the Worksoft SaaS Sauce Cloud and your network, your network cannot be accessed directly from the servers that run the Worksoft SaaS Testing Platform SaaS application or the servers that run the Worksoft SaaS database.
Sauce Connect supported platforms are OSX 10.8 and above, Windows 7 and above and Linux 64-bit.
Make sure that saucelabs.com is accessible from the machine running Sauce Connect by performing the below steps.
-
Enter the below command from Terminal (Linux/MAC) or Command Prompt (Windows)
ping saucelabs.com -
Telnet Command for Checking Network Connectivity
telnet saucelabs.com 443 -
cURL method Checking Connectivity
curl –v https://saucelabs.com/
Please find the below link for more information on Troubleshooting techniques. https://docs.saucelabs.com/secure-connections/sauce-connect/troubleshooting
Sauce Connect Tunnel Installation, Configuration, and Start Up:
Download the latest Sauce Connect from https://docs.saucelabs.com/secure-connections/sauce-connect/installation
After downloading sauce connect utility, extract the compressed file and go to the bin directory.
Run the utility with the parameters as specified below to establish a secure tunnel:
Command Line for Windows:
sc -u <username> -k <accesskey> -P 4446 –i <tunnelname>
Command Line for Linux:
./sc -u <username> -k <accesskey> -P 4446 –i <tunnelname>
sc: Sauce connect utility
-u: Username
-k: Encrypted access key used to create the tunnel. You can find username & access key in the ‘Selenium Cloud Platforms’ screen that is accessible from the hamburger menu item when in the context of the ‘Administration’ module of Worksoft SaaS. [Please note that this screen is ONLY accessible to Customer Admin role users within your Worksoft SaaS domain]. Click on the Platform Provider in the grid to view details.
-P: Port number to use for the tunnel
-i: Tunnel name. Please note that you need to make a note of this tunnel name because you have to register this tunnel name with the appropriate Product of your Project within your Worksoft SaaS domain. Please refer to the next section in this article.
Please note that you have to repeat the steps above for each application (Worksoft SaaS Product) and each environment (Dev/Integration, QA/Staging, etc.,).
To understand this better, let's use a fictitious example context. Let's say you have a single application that you want to automate tests in Worksoft SaaS. Let's also assume that this application (maybe different versions of this app) is deployed in the Dev/Integration environment and the QA/Staging environment both of which are behind your company’s firewalls. If you want Worksoft SaaS to run the automated tests against the app versions deployed into both these environments, then you will have to set up a separate Sauce Connect tunnel on your end that securely opens up access to the app deployed in each of those 2 environments. In this example context, you will end up with 2 Secure Tunnel Names.
If you have more than one application (equates to a separate Worksoft SaaS Product within a Worksoft SaaS Project of your Worksoft SaaS Domain) and each of those applications have multiple environments where different versions of these apps are deployed, and all those environments are behind your firewalls, then you need to create separate Sauce Connect Tunnels for each of those environments/app combinations.
Register your External Cloud Platform preference for test executions within your Worksoft SaaS Domain:
- Register your Selenium Cloud Provider account within your Worksoft SaaS Domain
- Associate the Tunnel(s) with the appropriate Worksoft SaaS Project / Product / Environment(s)
If you plan to use your own subscription that you may have with the external platform/provider like Sauce Labs or BrowserStack, you have to follow instructions in this section. If you do NOT have your own subscriptions with Sauce Labs or BrowserStack BUT intend to use Worksoft SaaS cloud for your automated test executions, you can bypass/skip this section. Please note that ONLY Custom Admin roled users within your Worksoft SaaS domain can accomplish the instructions outlined in this section.
Refer article available here to associate Tunnel to a Product/Environment combination.
After the tunnel name is configured at the product level, navigate to the "Add Testing Context" screen of Scenarios or Run Definition to execute the runs.
In "Add Testing Context" select the environment to which the tunnel is configured and select the name of the tunnel
You will have to repeat the steps outlined in this section for each of your Worksoft SaaS Product(s) and each of the environment(s) for each of those Products.