Description

This article provides answers to common security questions regarding G-Repository. 

It is important to note that at no time is any confidential data that is subject to regulatory compliance frameworks contained in the GenRocket Runtime environment or the GenRocket Virtual Cloud environment. 

What is G-Repository? 

G-Repository is a set of GenRocket components that automatically manages the downloading, updating, and deleting of test data instruction sets (Scenarios) and configuration files (Test Data Cases), to your corporate environment from the GenRocket Cloud.

G-Repository has two primary components that need to be implemented behind the corporate firewall: G-Repository Server and G-Repository Client. 

• G-Repository Server is set up and managed by the Organization Admin.
• G-Repository Client is set up by each user on their local machine to maintain the latest instruction sets and configuration files.

How does G-Repository enhance Security? 

G-Repository enhances security in the following ways: 

• Instruction set and configuration file downloads and updates are automatically sent through the corporate firewall to G-Repository Server via an https connection using TLS 1.2
• Users no longer connect to the Internet to download instruction sets and configuration files
• Users no longer connect to the Internet to verify the user has a valid, enabled profile
• Test Data can be generated in the On Premise environment without an Internet connection

In This Article

• Implementation Questions
• Encryption Questions
• HTTPS and Proxy Support
• Auditing and Mitigation

Implementation Questions

• Who Implements G-Repository? 
• What is implemented?
• Where is G-Repository Server installed?
• What can G-Repository Server be implemented on?
• What can G-Repository Client be implemented on? 
• How long does it take to implement G-Repository? 
• What URLs need to be whitelisted for G-Repository Server in a Corporate Environment? 
• Can the Organization Admin bring G-Repository Server up and down?
• Is the Org Admin able to centrally manage the G-Repository Server? 
• For the G-Repository Client, is a new application installed or is G-Repository Client bundled with an existing application that is running on the client machine?
• How does a user remove G-Repository Client?

Who Implements G-Repository? 

• G-Repository Server - Organization Admin
• G-Repository Client - Each user on their local machine

What is implemented?

• A set of Java Jars: 
  • gr-grepository-servers.jar
  • gr-grepository-clients.jar

Where is G-Repository Server installed?

• Secure, On Premise environment, behind the firewall in a location where users have access.

What can G-Repository Server be implemented on?

• Linux or Mac OS (Recommended) with a certain amount of memory
• Windows (Not Recommended) - Using this operating system may cause a considerable decrease in performance.
• Does not have to be a dedicated server
• It should be a machine that is centrally available to run on

What can G-Repository Client be implemented on? 

• Any machine that runs Java, including Windows, Linux, or Mac
  
  

How long does it take to implement G-Repository? 

• About 25 minutes
  
  

What URLs need to be whitelisted for G-Repository Server in a Corporate Environment? 

The following URLs will need to be whitelisted while setting up G-Repository Server:

• https://app.genrocket.com/
• https://stats.genrocket.com/
• https://repo.genrocket.com/
• https://license.genrocket.com/

Note: For DPC customers, the URLs that need to be whitelisted will be different. Please reach out to our support team at support@genrocket.com to provide the URLs.

Can the Organization Admin bring G-Repository Server up and down?

• Yes.  An Org Admin can disable a G-Repository server and shut it down at any time.

Is the Org Admin able to centrally manage the G-Repository Server? 

• Yes. G-Repository Server can be centrally managed and Organization Admins have control over the server. 

For the G-Repository Client, is a new application installed or is G-Repository Client bundled with an existing application that is running on the client machine?

• It's bundled with the GenRocket Runtime and updates to the Runtime will update the Client Jar.

How does a user remove G-Repository Client?

• While the G-Repository Client is only storing and synchronizing test data instruction sets and configuration files and these files have a tiny footprint so take up very little space on the client machine, they can be removed by the user deleting the base subdirectory where these files exist.
  
  

Encryption Questions

• How are encryption keys managed for Test Data Instruction Sets and Configuration Files (G-Cases)?
• What about AES 256 encryption?
• Do you use the same encryption keys for ALL your customers, or are they unique per customer, or even per G-Repository Server instance hosted by the same customer?
• Is encryption done on both the G-Repository Server and the G-Repository Client? Are there encryption keys on both?
• Are the encryption keys unique for the G-Repository Server and for the G-Repository Client instances? 

How are encryption keys managed for Test Data Instruction Sets and Configuration Files (G-Cases)?

• While GenRocket does not store or transmit any customer data and G-Repository Server is used to synchronize test data instruction sets and configuration files, as a extra layer of security GenRocket still encrypts these files.
  
  
• GenRocket utilizes AES (Advanced Encryption Standard), 128 bit, to encrypt the files. 

What about AES 256 encryption?

• GenRocket does not store or transmit any data in the cloud or from the cloud. Further, the GenRocket Scenarios and Configuration Files (G-Cases) do not contain any data and therefore pose no security risk whatsoever. We encrypt these instruction sets and configuration files just for the sake of encryption even though encryption is not necessary.
  
  
• AES-256 encryption is not needed for GenRocket instruction sets and configuration files because they contain no sensitive data. Most importantly, AES 256 encryption would increase the size of the instruction sets and configuration files slowing down the performance of the GenRocket platform.

Do you use the same encryption keys for ALL your customers, or are they unique per customer, or even per G-Repository Server instance hosted by the same customer?

• As per our response above, encryption is not necessary for GenRocket instruction sets and configuration files and thus encryption key changes are also not necessary. 

Is encryption done on both the G-Repository Server and the G-Repository Client? Are there encryption keys on both?

• Scenarios and other configuration files, which have been downloaded are already encrypted.  When the Client and the Server are communicating with each other, no other encryption is occurring as the files are already encrypted and both client and server are within the organization firewall.

Are the encryption keys unique for the G-Repository Server and for the G-Repository Client instances? 

• See answer in previous question.

HTTPS and Proxy Support

• Does G-Repository Server support proxies for an outbound connection over the Internet. 
• As HTTPS is being used for secure communications, who is responsible for provisioning and managing the SSL certificate?

Does G-Repository Server support proxies for an outbound connection over the Internet. 

• Yes, it does.

As HTTPS is being used for secure communications, who is responsible for provisioning and managing the SSL certificate?

• GenRocket is responsible for provisioning and managing the SSL certificate for the G-Repo server. A Client-side SSL certificate is not required. 

Auditing and Mitigation

Are there capabilities available to immediately determine the number of G-Repository Servers have been deployed, when they were deployed or reconfigured, and by whom in the event of a compromise? Are there audit logs?

• Currently, when an Org Admin deploys the G-Repository Server in your On Premise environment, behind your firewall, G-Repository Server does not communicate that information back to GenRocket. The Organization Admin knows they have deployed the G-Repository Server.
  
  
• G-Repository Server was designedto have a simple 3 port access solutionto pass back minimal information that GenRocket needs to track analytics statistics and to keep the G-Repository Server up to date.