The mabl Link feature allows plan and journey execution against test environments on private networks. This feature is useful for accessing:
- Private test environments
- Development environments running on
localhost(e.g. a web app running on
- Ephemeral cloud environments accessed via VPC or AWS Direct Connect
See using mabl Link for detailed mabl Link setup instructions.
The mabl Link feature works by establishing a secure tunnel between a non-public network and mabl's test infrastructure. The tunnel connection is initiated as an outgoing connection from the private network to mabl. Although it may be necessary to configure a firewall rule to allow this tunnel connection to be established, many firewalls are configured to allow all outgoing connections to pass through without the need to add any specific rules. Once the tunnel has been established, mabl will be able to securely access test hosts on the private network.
Below is a diagram showing the various components of mabl Link and how they communicate. The components and arrows in green indicate the mabl Link tunnel and the direction in which tunnel connections are made. The components and arrows in blue indicate the test infrastructure and the direction in which connections are made when executing tests.
In order to use mabl Link, you will first have to download and run the mabl Link Agent application on a host that can directly access the system you would like to test. For example, you could run the Link Agent on the same host where the application you would like to test is running, or you could run the Link Agent on a different host as long as that host can access the system under test. Another possibility is that you would like to use mabl Link to test changes on your local workstation before committing them. In that case, the Link Agent can be run right on your workstation, and you can run tests against
Once the Link Agent is running on a host that can access the system under test, you just need to configure mabl to use this Link Agent when executing tests. Link Agents must be associated with mabl environments (see
Configuration ⇒ Environments in the mabl UI) in order to direct tests to use them. Either create a new environment or edit an existing environment, and then select the Link Agent name that you chose when you started the agent. Any plan that is associated with this environment will automatically route all test traffic through this Link Agent when it executes.
The Link Agent is a small application that establishes a secure SSL tunnel to mabl and allows mabl to access your non-public infrastructure during test execution. The Link Agent requires two parameters at run time:
- The API key for the workspace where your tests are defined
- A user-defined name for the Link Agent that will be used to identify it later on
No. The mabl Link feature does not depend on any VPN technologies, and you will not have to install or configure a VPN client or server in order to use mabl Link. Instead, mabl Link uses the Link Agent application to establish a secure gateway between the mabl test infrastructure and your private test environments.
DNS resolution occurs on the Link Agent, which means that DNS names are resolved within your environment, not mabl's. There are several advantages of this design:
- Tests can be executed against hosts with non-public DNS names
- Tests can be both trained and executed against the same non-public FQDNs, all from within your private network
- Tests can be executed against local development environments, even
- Non-publicly-routable IP addresses may be used as well, e.g.
We recognize the importance of security and privacy when allowing mabl to access your non-public environments, and for this reason we have designed security features into every component of mabl Link.
Link Agent ⇒ mabl Connection
- The mabl Link tunnel is a TLS connection that uses 4096-bit RSA keys that are specific to your workspace and agent
- Each agent is allocated its own dedicated container within mabl. Tunnels and containers are never shared between agents (even for different agents within the same workspace), so there is never any multi-tenant access to your private mabl links.
- The tunnel uses client and server certificate verification so that your Link Agents are guaranteed to be connecting only to the correct tunnel endpoint within mabl. Likewise, on the mabl side we ensure that only the Link Agent we expect to see is allowed to connect to a given tunnel endpoint.
Test Execution over mabl Link
Authentication is enforced by the Link Agent to ensure that only tests with the same workspace and agent name are allowed to route their traffic through that agent. This authentication prevents any accidental cross-talk that might otherwise occur.
Link Agent Isolation
The design of the Link Agent allows for it to be run within a DMZ or on a dedicated host (or VM or container) with strict firewall rules that will only allow it to access the desired system(s) under test. This configuration is not required, but it can be used to provide an extra layer of security.
There are two ways that mabl Link can be disabled depending on your intentions. If you simply want to stop routing traffic from your tests through mabl Link you can edit the environments on which mabl Link is enabled and deselect the Use link agent checkbox. To completely remove mabl Link from your infrastructure, simply shut down all mabl Link Agents. If you disable all Link Agents, please remember to also uncheck Use link agent in any mabl environments where you've enabled it, or the tests associated with those environments will fail.
Get started using mabl Link
|Using mabl Link|