Wednesday, March 11, 2009

Working with Firewalls in LoadRunner

Working with a firewall means that you can prevent unauthorized access to
or from a private network, on specific port numbers.

In a regular LoadRunner load test scenario (not over a firewall), the
Controller has direct access to the LoadRunner agents running on remote
machines. This enables the Controller to connect directly to those
machines.

When running Vusers or monitoring applications over a firewall, this direct
connection is blocked by the firewall. The connection cannot be established
by the Controller, because it does not have permissions to open the firewall.

LoadRunner solves this problem by using a communication configuration
based on HTTPS or secured TCP/IP. This configuration uses the standard SSL
port on the firewall (port 443).

A LoadRunner agent is installed on load generators running Vusers over a
firewall, and on Monitor Over Firewall machines that monitor the servers
that are located over a firewall. The agent communicates with the MI
Listener machine through port 443 in the firewall.

The MI Listener is a component that serves as a router between the Controller
and the LoadRunner agent.

When the LoadRunner agent connects to the MI Listener, the MI Listener
keeps a listing of the connection to the agent using a symbolic name that
the agent passed to it.

When the Controller connects to the MI Listener, it communicates with the
MI Listener through port 50500.

The following diagram is a basic example of a LoadRunner deployment over
a firewall.



Setting Up your System to Use Firewalls: Basic Steps

Setting up your system to use firewalls involves the following stages of
configuration:

➤ Installation and initial configuration
➤ Running Vusers over a firewall

****************************************
Installation and initial configuration
****************************************

To enable over-firewall communication, ensure that you have installed the
following LoadRunner components:

➤ MI Listener
➤ Monitor Over Firewall component

To perform initial configuration of your over-firewall system:
1 Configure your system according to TCP or HTTPS.
2 Modify your firewall settings to enable communication between the
machines on either side of the firewall.
3 Configure the MI Listener.

Configuring the MI Listener

To configure the MI Listener:

1 Open incoming HTTPS service for port 443. The port settings are set by your
system administrator.
2 Stop the LoadRunner agent on the MI Listener machine by right-clicking its
icon in the system tray and selecting Close from the popup menu.
3 Run MI Listener Configuration from
Start > Programs > LoadRunner > Advanced Settings, or run \launch_service\bin\MILsnConfig.exe.



4 Set each option as described in the following table:


5 Click OK to save your changes, Cancel to cancel them, or Use Defaults.
6 Restart the LoadRunner agent by double-clicking the shortcut on the
desktop, or choosing Start > Programs > LoadRunner.
7 Make sure that port 443 is free on the MI Listener machine.

**********************************
Running Vusers over a firewall
**********************************

To set up your system to run Vusers over a firewall:

1 On each load generator machine that will be running over a firewall,
configure the LoadRunner agent to communicate with the MI Listener.
2 Configure the Controller machine to recognize the load generator and MI
Listener machines.

Configuring LoadRunner Agents Over the Firewall

1 Stop the LoadRunner agent by right-clicking its icon in the system tray and
selecting Close.
2 Run Agent Configuration from Start > Programs > LoadRunner > Advanced
Settings, or run \launch_service\bin\AgentConfig.exe.
3 Select the Enable Firewall Agent check box, and then click Settings.



The Agent Configuration dialog box opens.



4 Set each option as described in “Agent Configuration Settings”.




5 Click OK to save your changes, or Cancel to cancel them.
6 Restart the LoadRunner agent by double-clicking the shortcut on the
desktop, or select Start > Programs > LoadRunner > LoadRunner Agent
Service/Process.
7 Check the connection status between the LoadRunner agent and the MI
Listener.

Configuring the Controller for Running over a Firewall

1 Run the Controller from
Start > Programs > LoadRunner > Applications > Controller and create a
new scenario, or load an existing one.
2 Click Generators to display the Load Generators window. In the Name field,
enter the symbolic name of the server. This is the same name that you
entered in the Local Machine Key setting in the Agent Configuration.




3 Select the Load Generator, and click Details to display the Load Generator
Information.




4 In the Security tab, enter the MI Listener machine's name in the MI Listener
field. This is the same name that you entered in the MI Listener Name
setting of the Agent Configuration dialog box. In this example, the MI
Listener is bunji.
5 In the Firewall Settings section, select one of the following options:
➤ Enable running Vusers over Firewall. To run Vusers over the firewall.
➤ Enable Monitoring over Firewall. To monitor Vusers over the firewall.
6 Click OK to return to the Load Generators dialog box.
7 Select the load generator and click Connect.

This will do all the setup required to run your test over the firewall...
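
A network-level preflight for the topology described above, as an added example that is not part of the original post or of LoadRunner. It runs only the check that applies to each machine role: port 443 free on the MI Listener, agent to MI Listener on 443, Controller to MI Listener on 50500. The function names and the placeholder host `mil.example.test` are assumptions; only the port numbers come from the article.

```python
import errno
import socket

# Ports named in the article; host names are supplied by the caller.
MIL_AGENT_PORT = 443         # LoadRunner agent -> MI Listener
MIL_CONTROLLER_PORT = 50500  # Controller -> MI Listener

def port_status(port, bind_addr="0.0.0.0"):
    """Local check: 'free', 'in-use', or 'unknown' (e.g. no privilege to bind)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((bind_addr, port))
            return "free"
        except OSError as e:
            return "in-use" if e.errno == errno.EADDRINUSE else "unknown"

def probe(host, port, timeout=3.0):
    """Remote check. 'refused' means the host answered but nothing listens;
    'filtered' (timeout) usually means a firewall dropped the packets."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"  # DNS failure, no route, ...

def preflight(role, mi_listener=None, agent_port=MIL_AGENT_PORT,
              controller_port=MIL_CONTROLLER_PORT):
    """Run only the check that applies to this machine's role."""
    if role == "mi_listener":
        # Assumption: run with the LoadRunner agent stopped, so 'in-use'
        # points at another service holding the port.
        return {"local :%d" % agent_port: port_status(agent_port)}
    ports = {"load_generator": agent_port, "controller": controller_port}
    if role not in ports or not mi_listener:
        raise ValueError("unknown role or missing MI Listener host: %r" % role)
    port = ports[role]
    return {"%s -> %s:%d" % (role, mi_listener, port): probe(mi_listener, port)}

if __name__ == "__main__":
    # mil.example.test is a placeholder host name, not from the article.
    for role in ("load_generator", "controller"):
        print(preflight(role, "mil.example.test"))
```

A "filtered" result from the load generator or Controller points at the firewall rule, while "refused" points at the MI Listener process not listening.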

8 comments:

  1. Thanks for the very valuable thread Sunil. Keep up with your work

  2. Too good man this is what I wanted.

  3. Any idea on what port generator/agent would use to communicate through firewall to connect to App Servers on the other side of the firewall? I have Controller and Agent located on the same subnet and side of the firewall... App servers are located on other side of firewall, load-balanced...

    1. Hi,

      Ideally, all your load generator machines should be on the other side of firewall (in the subnet where your app servers are placed). Then you can perform the setup as mentioned by this blog to enable the communication between the agents and the controllers.

      Sunil

    2. Hi there,
      What is the best approach to follow if the app web and DB servers are in an environment with firewalls in a different geographical location and the LoadRunner controller and generator and JMeter are not a part of the environment with firewalls and are in a different location?
      Any suggestions would really help. Thanks in advance.

  4. Hello. My name is David. I have installed LoadRunner on HP-UX 11.31 and the other component on Windows Server 2003. I wanted to configure LoadRunner to see the generator and the MI but I can't figure out how to do that. Please kindly help. Thanks.

  5. What if we want to run Vusers and monitor the test over firewall, both during the same test execution?
