Make Cloud Load Testing Secure

Cloud load testing is an emerging trend that can provide transformative benefits to organizations that adopt it.  Moving your JMeter, Gatling, or other open source load testing into the cloud can provide reduced maintenance, uncapped scale, and improved integration to your CI/CD pipeline.

Security Concerns When Moving to Cloud Load Testing

Though the benefits may be apparent to most, many organizations fail to reach the nirvana of cloud load testing due to overwhelming concerns from IT and security operations teams.  These teams often fear the unknown, and will resist cloud load testing due to questions such as:

  • Do we need to open up our firewalls to the public internet?
  • Do we run the risk of unencrypted traffic being captured in transit?
  • Is our data secure when stored in the cloud?
  • Will the cloud load testing platform provide an uncontrolled vector for launching DDoS attacks?

Options Available to Make Cloud Load Testing More Secure

Though many of these questions would have previously uncovered major limitations in cloud load testing platforms, today’s solutions are much more secure and robust, overcoming the major issues.  For example, at Flood we offer 3 unique hosting and security options to increase your peace of mind when using a cloud load testing platform.

Option 1: Demand Hosting

Servers hosted: in a shared (Flood) account in AWS or Azure

Additional configurations: none

Best For:

  • Least secure apps, ideally publicly hosted (can’t be used at all when a firewall is in place)
  • Easiest set up
  • Shorter term projects

Option 2: Demand Hosting, with whitelisted IP’s

Servers hosted: in a shared (Flood) account in AWS or Azure

Additional configurations: IP addresses collected from Flood UI or API, added to the firewall rules to allow traffic in and out

Best For:

  • More secure apps, hosted behind a firewall
  • More involved set up, with coordination of security/firewall team
  • Shorter term projects

Option 3: Demand Hosting, with Flood Aqueduct

Servers hosted: in a shared (Flood) account in AWS or Azure

Additional configurations: Flood Aqueduct installed on a machine within the network, tunnel linked to the grid in the Flood UI

Best For:

  • More secure apps, hosted behind a firewall
  • Less involved set up, with installation of Aqueduct on any machine on the network
  • Smaller amounts of load generated
  • Longer term projects

Option 4: Self Hosted, with Elastic IP’s

Servers hosted: in a private (customer owned) account in AWS or Azure

Additional configurations: Set up user for Flood in AWS, create integration to that AWS user in the Flood integration settings.  Configure Elastic IP’s in AWS, and make sure those Elastic IP’s are connected to your Flood account (and also whitelisted via your Firewall)

Best For:

  • More secure apps, hosted behind a firewall
  • More involved setup, with need to setup elastic IP’s and whitelist traffic from those IP’s through the firewall
  • Larger amounts of load generated
  • Longer term projects

Option 5: Self Hosted, with VPC

Servers hosted: in a private (customer owned) account in AWS or Azure

Additional configurations: Set up user for Flood in AWS, create integration to that AWS user in the Flood integration settings.  Configure VPC in AWS, and make sure that VPC is connected to your Flood account.

Best For:

  • More secure apps, hosted behind a firewall
  • More involved setup, with need to VPC
  • Larger amounts of load generated
  • Longer term projects

Putting it All Together

If you want to give this a try on your own, provision a free trial of Flood in less than 5 minutes.  Our standard trials come with 5 node hours to use with your demand account (including with Aqueduct, if you so desire).  If you’d like to try out the hosted option with your own AWS account, please contact our support team to turn that integration on for you.  Once we have turned on that feature in your trial, you can head to the integrations area to integrate your AWS account and try our other secure cloud load testing options.


Ready to get started?

Sign up or request a demo today.