Cloud Testing Behind the Firewall

[Note: Since this article was published, we’ve given Toffee remotes a more formal name: Toffee Performer.]

Why do I have to install and run a remote before I can execute my tests? Can’t I just test my web application from the cloud only, using just Toffee Composer?

These are fair questions. The short answer is that Toffee remotes allow you to test applications that are protected behind your corporate firewall, while storing scripts, test reports, and test evidence securely and conveniently on the cloud.

The long answer is a bit more involved. Unlike Toffee, cloud-only testing platforms do allow you to test directly from their cloud-hosted platform, provided that the application under test (AUT) is hosted on a public web server that anyone on the internet can access. Many of the applications our customers need to test, however, are never deployed to the internet, but are protected by a corporate network firewall that strictly controls, or simply prevents, access to those applications. Those firewalls prevent access from the internet to sensitive assets, while granting corporate users to controlled access to the internet.


In this common configuration, the tester’s workstation is able to make an outgoing connection to the cloud server, but the cloud server is unable to make an incoming connection to the AUT. This is as it should be: firewalls ensure that you can take advantage of the internet, without the internet taking advantage of you.

If your AUT is protected by a corporate firewall, and you want to grant access to a cloud-only testing platform, you have two options:

  1. Ask your network administrators to open a hole in your firewall to allow incoming restricted access to your AUT servers. This is a dangerous gambit. We don’t recommend it, and we have yet to meet an IT department willing to accept the accompanying risk.
  2. Migrate your AUT out from behind your corporate firewall onto the public internet. Presumably, however, your AUT was protected by the firewall for a reason, else you would have already deployed it onto the internet. Moving assets outside the firewall for the sole purpose of testing is expensive and impractical.

Toffee’s design assumes that neither of these options will fly with our customers, and so we created a hybrid approach that realizes the benefits of cloud-based deployments (Toffee Composer) with locally-installed software, called Toffee remotes. We call this Toffee’s “cloud plus” architecture.


Toffee remotes are lightweight processes that run on your test machines – machines that already have access to AUT’s sitting behind your corporate firewall. Toffee remotes make outgoing connections to Toffee Composer running on the cloud. They use the the same port (443, to be precise) and secure protocols (HTTP over SSL, or HTTPS) as your web browser when talking to Toffee Composer, which makes them firewall friendly. They serve as a capable intermediary between Toffee Composer, the tester, and the AUT.

With its “cloud plus” architecture, Toffee Composer lets you store your scripts, results, and evidence online, conveniently and securely. Easy-to-install Toffee remotes let you test applications both behind and beyond your corporate firewall, without requiring you to compromise the security it affords.

(For our customers that need it, we offer licenses for onsite deployments of Toffee Composer. These allow you to deploy everything – Toffee Composer and Toffee remotes – behind your corporate firewall. Contact us for details.)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.