Description
GenRocket Cloud Component (VPC or DPC)
GenRocket Cloud is a SaaS solution hosted in a fully secure cloud, on AWS:
- Hosted on AWS & certified ISO 27001 compliant infrastructure
- AWS Security Groups provide Firewall security
- AWS WAF is used to protect against DDoS attacks
- All sessions between the cloud and the customer environment are secured via HTTPS with TLS 1.2 encryption
- GenRocket Cloud is additionally secured by other security controls such as scheduled scanning of the code, intrusion detection measures, regular 3rd party penetration testing, and regular DR exercises.
- Customers can set a password expiry timeline, requiring users to update passwords according to corporate policy (this is not necessary for customers using SSO through a corporate identity provider such as Active Directory, Okta, etc.)
User Management and Access Control
Each time a user logs into GenRocket Cloud, they create a secure, encrypted connection from their browser to the GenRocket Cloud. We require a valid username and password. All passwords are encrypted with a SHA-256 one-way hash.
- All users must pass a license verification check
- Users are authenticated with encrypted passwords
- SSO & MFA are available for extra security
- Customer users with the "Org Admin" role perform the user management functions
- User Access is restricted via role-based permissions (managed by customer Org Admins)
GenRocket Test Data Generation Instruction Sets (Scenarios, G-Cases, Configuration Files, etc.)
Data generation Scenarios (i.e., instruction sets) are modeled by your users in the GenRocket Cloud and then downloaded to a machine inside your firewall.
- Required test data is "modeled" and "designed" in the cloud, through instruction sets called scenarios/cases
- Those instructions are then downloaded to the customer environment using HTTPS with TLS 1.2 encryption
- Scenarios/cases contain no customer data or synthetic data, just the instructions for the GenRocket Runtime
- Downloaded instruction sets go through checksum validation when executed in the customer environment (ensuring they have not been tampered with).
- Only authenticated and licensed users can run Scenarios.
- Data is only generated securely On Premise behind a firewall.
- GenRocket does not need to read or be trained on your data to be able to generate synthetic data.
Local, On Premise Component
The On Premise Component consists of the GenRocket Runtime and resides in your local environment, behind your corporate firewall. The local/on premise component can be deployed on local machines, like laptops or servers (for scalability).
GenRocket Runtime
The GenRocket Runtime is a lightweight set of Java jar files that executes the instruction sets (scenarios, cases, etc.) downloaded into the customer environment and, if needed, connects to databases for data insertion.
- The Runtime is installed in the customer environment (on local machines or servers) behind the corporate firewall
- All data is generated in the customer environment, behind the firewall, typically where the Runtime has been installed
- Each time test data generation instruction sets are executed, the Runtime performs a real-time user and license check with the Cloud component, so only users with an active license can execute the instruction sets
- Connection to your database (if database insertion is necessary) can occur via an encrypted configuration file, created by the user and stored in your environment (GenRocket has no knowledge of the database credentials for connectivity).
G-Repository
G-Repository, part of the GenRocket Runtime, can be enabled to enhance security:
- G-Repository can serve as the single channel through which all communication between GenRocket cloud and customer environment can take place. This removes the need for individual machines or servers to communicate with GenRocket cloud individually.
- Instruction set and configuration file downloads and updates are automatically sent through the corporate firewall to G-Repository Server via an HTTPS connection using TLS 1.2.
- Users no longer connect to the Internet to download instruction sets and configuration files (they just connect internally to the G-Repository server, and G-Repository connects with GenRocket Cloud).
- The user license check is also conducted through G-Repository instead of directly.
Additional Resources
Please see the following articles to learn more about the security features discussed in this article:
| Topic | Description |
| --- | --- |
| GenRocket Runtime Overview | Learn more about GenRocket Runtime and what steps are required to set it up. |
| G-Repository Overview | Learn more about setting up and using G-Repository Server and Client. |
| G-Repository Security Overview | View common questions and information that pertains specifically to G-Repository Security. |
| SSO Integration with GenRocket | Learn how to set up SSO (Single Sign-On) for your organization. |
| MFA Setup and Management | Learn how to enable and set up MFA (Multi-Factor Authentication) for your organization. |
| MFA User Login Steps | Learn what steps users must take to log in when you have enabled MFA for your organization. |
| User Management Overview | Learn more about the available roles and how to manage GenRocket users within your organization. |
| Team Permissions | Team Permissions can be used to ensure application users access the appropriate features. Four system roles are available when setting up Team Permissions and provide different security access restrictions. |