Secure Testing Service




Overview and pre-release use

Authors: Andrej Sokoll, Matthew Loewengart
Revisions: 2011, Version 1.0

Contents

Overview
Background
How does the secure testing service work?
Testing the secure testing services
  Prepare your account by:
  Prepare two variations of a website which links the published and unpublished assets.
  Run the test:
Supported and un-supported asset types
  S7OnDemand features:
Use Cases
  Integrating the secure testing services into a web-site preview
  Building Business to Business application using Scene7 secure testing services
Conclusion
Appendix A: Sample HTML test page

Confidential. Property of Adobe Systems, Inc. Copyright 2011.

Overview

Enterprise ecommerce sites have grown accustomed to a 3-tier architecture with formal development, staging, and production environments. The developers of these sites want to test the complete end-to-end workflow by loading new content and publishing it for testing while they develop their next site release or product launch, and they don't want their content available before it has been internally approved/launched.

With the new secure testing services being released by Adobe Scene7, our SaaS-based customers will now have the ability to define different secure test environments and to target the Image Server on which this content is made available, either publicly or based upon a configurable set of IP addresses and ranges. This new functionality allows developers to match their Scene7 deployments with the architecture of their content management and commerce platform.

Background

Adobe Scene7 serves dynamic rich-media assets into the user's browser. To do that, Scene7 utilizes standard web protocols and technologies, so accessing an asset via a URL does not require any authentication. An asset on the S7 Image Server is available via URL under these conditions:

- The asset is uploaded to the Scene7 Publishing System
- The asset is marked for publish
- A publish process sends the asset to the public-facing Image Servers

Under these conditions images are available under public URLs like:

http://demo.scene7.com/is/image/portalco/backpack_b?wid=300&hei=300

As soon as the web site's HTML pages link the URL, the asset becomes available. In many cases, other imagery and rich media may have been published and only referenced from a staging environment. It is the act of referencing that content from the Web page that makes it publicly visible. In some instances, this is not a sufficient level of security: because a published asset requires no authentication, a user may be able to guess a URL based on a SKU number or a known naming convention, which can produce challenges when launching a new product or Web site redesign.

Companies are beginning to leverage the Scene7 platforms for internal applications and across corporate processes, where the broad set of functionality Scene7 provides should be used in secured environments. However, the Adobe Scene7 infrastructure is not within the customer's infrastructure, corporate intranet, or demilitarized zone.

So there are specific situations where access to Scene7 functionality should not be in public environments:

- Preview of web sites before public launch (staging web site)
- Serving assets requiring restricted access, e.g. ecatalogs showing custom prices in a B2B web application
- Usage of assets behind a firewall as part of a product information management system, customer service applications, training, etc.

The secure testing services address this need by:

- Providing full-featured access to the Image Server, even for unpublished assets
- Limiting access to a configurable set of IP addresses and IP ranges

The secure testing services functionality does not affect access to the Scene7 Publishing System (SPS). SPS security remains consistent and requires the appropriate credentials for access to SPS and the related Web Services.

How does the secure testing service work?

Most corporations run their Internet access behind a firewall. Access to the Internet is possible through certain routes and typically through a limited range of public IP addresses. From your corporate network you can figure out your public IP address using web sites like http://whatismyip.com or request this information from your corporate IT organization.

With the secure testing service, Scene7 has established a dedicated Image Server that can be used for staging or internal applications. For any request made against this server, the origin IP address is checked. If the incoming request is not within the approved list of IP addresses, a failure response is returned.

Note: because we need to confirm the location of the original request, the traffic of the secure testing services is not routed through a content distribution network, as your public Scene7 Image Server traffic is. Because of this, requests to the Secure Testing Service might have slightly higher latency compared to the public Scene7 Image Servers.

An additional benefit of this feature is that unpublished assets are immediately available from the secure testing services, without the need to publish. This allows Scene7 users to run a preview before assets are published to their public-facing image server.
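The origin-address check described above can be modelled as follows. This is an added illustration, not Adobe's implementation and not code from the original document; it assumes IPv4 only, CIDR notation for ranges, and a hypothetical request shape (`peerAddress`, `headers`). It decides on the connection's peer address alone, which is why the service cannot sit behind a content distribution network.

```javascript
// Parse a dotted-quad IPv4 address into a number; null if malformed.
function ipv4ToInt(text) {
  const parts = String(text).trim().split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part) || Number(part) > 255) return null;
    value = value * 256 + Number(part);
  }
  return value;
}

// Compile "a.b.c.d" or "a.b.c.d/len" into an inclusive numeric range.
function parseEntry(entry) {
  const [addr, len, extra] = String(entry).trim().split('/');
  const base = ipv4ToInt(addr);
  if (base === null || extra !== undefined) throw new Error('bad entry: ' + entry);
  if (len !== undefined && (!/^\d{1,2}$/.test(len) || Number(len) > 32)) {
    throw new Error('bad prefix length: ' + entry);
  }
  const size = 2 ** (32 - (len === undefined ? 32 : Number(len)));
  const low = Math.floor(base / size) * size; // clear the host bits
  return { entry, low, high: low + size - 1, size };
}

function compileFilter(entries) {
  return entries.map(parseEntry);
}

// Decide on the transport-level peer address only. Request headers such as
// X-Forwarded-For are supplied by the client and are deliberately ignored.
// Anything that does not parse as IPv4 is denied (fail closed).
function decide(filter, request) {
  const ip = ipv4ToInt(request.peerAddress);
  if (ip === null) return { action: 'deny', reason: 'unparseable peer address' };
  const hit = filter.find((r) => ip >= r.low && ip <= r.high);
  return hit
    ? { action: 'serve', reason: 'matched ' + hit.entry }
    : { action: 'deny', reason: 'peer not in filter' };
}

// Flag entries covering more than maxHosts addresses, so that an over-broad
// range is reviewed before it is saved to the filter.
function broadEntries(filter, maxHosts) {
  return filter.filter((r) => r.size > maxHosts).map((r) => r.entry);
}

// Constructed sample data (RFC 5737 documentation addresses).
const SAMPLE_FILTER = compileFilter(['203.0.113.0/24', '198.51.100.25']);
const SAMPLE_REQUESTS = [
  { peerAddress: '203.0.113.77', headers: {} },
  { peerAddress: '198.51.100.26', headers: {} },
  { peerAddress: '192.0.2.10', headers: { 'x-forwarded-for': '203.0.113.5' } },
];

function sampleDecisions() {
  return SAMPLE_REQUESTS.map((req) => decide(SAMPLE_FILTER, req).action);
}

console.log(sampleDecisions());
```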

Testing the secure testing services

Prepare your account by:

1. Configure the public IP addresses or IP ranges to which you would like to make secure testing content available, using the Client Address Filter found under Setup > Application Setup > Publish Setup > Image Server. Select the context Test Image Serving. Be careful: using the wrong context leads to missing images on your public site.
2. Upload a number of images to your SPS account.
3. Ensure that some of these images are Marked for Publish and keep some Unmarked for Publish.
4. Run an Image Server Publish.
5. Determine the Test Publish Context Server Name of your secure testing services. This can be found under Setup > Application Setup > General Settings.

Get in contact with support when the server entry is missing or URLs to this server do not work.

Prepare two variations of a website which links the published and unpublished assets.

- Public version: Link assets into this web site using your traditional Scene7 URL syntax.
- Staging version: Link assets into this Web site using the same syntax but with the secure testing site name.

Run the test:

1. From within your corporate network, perform the following test:
   - From within your corporate network (identified by the IP address range previously defined), the Staging version should show all images, whether they are marked for publish or not. This allows for QA and testing without accidentally making images available before approval or product launch.
   - Confirm that the Public version of your site shows published assets as you have previously experienced with Scene7, without any disruption.
2. From outside your corporate network, verify that non-published assets (e.g. Unmarked for Publish) are protected from 3rd-party access:
   - From outside your corporate network (e.g. by using a 3G connection or home computer), verify that the Public version of your site shows all published assets as before, but none of the unpublished content.
   - Confirm that the Staging version shows no assets, whether they are marked for publish or not, since you are accessing the secure testing service from an IP address that has not been approved.

In Appendix A you will find a simple HTML page that you can use to run this basic test.

- Change the server name in the header of the file
- Change the company name
- Change the domain name to match the secure testing site name
- Change the list of comma-separated asset IDs
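The expected results of the inside/outside test above can be written down as a table and compared with what was actually observed. The following is an added example, not part of the original document; the hosts, company and asset IDs are the Appendix A sample values, while the recorded responses, the status codes in them and the rule that "served" means HTTP 200 with an image content type are assumptions (the document only says that a failure response is returned).

```javascript
// Expected behaviour from the "Run the test" steps: the public server serves
// only published assets from anywhere; the test server serves every asset,
// but only to an approved (inside) address.
function expectedServed(vantage, server, state) {
  if (server === 'public') return state === 'published';
  return vantage === 'inside';
}

// Build one check per server, publish state and asset ID.
function buildChecks(cfg) {
  const checks = [];
  const servers = [['public', cfg.publicHost], ['test', cfg.testHost]];
  const groups = [['published', cfg.published], ['unpublished', cfg.unpublished]];
  for (const [server, host] of servers) {
    for (const [state, ids] of groups) {
      for (const id of ids) {
        const url = 'http://' + host + '/is/image/' +
          encodeURIComponent(cfg.company) + '/' + encodeURIComponent(id);
        checks.push({ server, state, id, url });
      }
    }
  }
  return checks;
}

// Assumption: "served" means HTTP 200 with an image/* content type.
function wasServed(response) {
  return response.status === 200 && /^image\//i.test(response.contentType || '');
}

// Compare observed responses (Map: url -> {status, contentType}) with the
// expectation. 'exposure' = served but should not be; 'broken' = the reverse;
// 'not-tested' = no observation recorded, so no conclusion is drawn.
function evaluate(cfg, vantage, observed) {
  const findings = [];
  for (const check of buildChecks(cfg)) {
    const response = observed.get(check.url);
    if (!response) { findings.push({ kind: 'not-tested', ...check }); continue; }
    const served = wasServed(response);
    if (served !== expectedServed(vantage, check.server, check.state)) {
      findings.push({ kind: served ? 'exposure' : 'broken', ...check });
    }
  }
  return findings;
}

// Appendix A sample values, trimmed to one asset per group.
const CFG = {
  publicHost: 's7g3.scene7.com', testHost: 'test-e3.scene7.com', company: 'AndrejSokoll',
  published: ['patent_01'], unpublished: ['patent_01_non'],
};

// Constructed observations for a run from OUTSIDE the corporate network in
// which the test server wrongly answers for the unpublished asset.
function sampleOutsideRun() {
  const at = (host, id) => 'http://' + host + '/is/image/AndrejSokoll/' + id;
  const observed = new Map([
    [at(CFG.publicHost, 'patent_01'), { status: 200, contentType: 'image/jpeg' }],
    [at(CFG.publicHost, 'patent_01_non'), { status: 403, contentType: 'text/plain' }],
    [at(CFG.testHost, 'patent_01'), { status: 403, contentType: 'text/plain' }],
    [at(CFG.testHost, 'patent_01_non'), { status: 200, contentType: 'image/jpeg' }],
  ]);
  return evaluate(CFG, 'outside', observed);
}

console.log(sampleOutsideRun());
```

An `exposure` finding from the outside run means the Client Address Filter or its context needs to be rechecked before any unapproved content is uploaded.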

Supported and un-supported asset types

The Scene7 platform supports many more assets than just images. Adobe Scene7 is working hard to support as many of these files and asset types as possible. The following asset types will be available via the secure testing services for the pre-release in which you will be participating:

- Images
- Image sets and all other types of sets (ecatalog, render sets, media sets)
- Standard Scene7 rich media viewers
- S7 OnDemand JSP pages
- Static content such as PDF files and progressively served videos

The following asset types/functionalities are currently not supported by the secure testing services:

- Video streaming
- Render Server requests
- UGC services
- Web-to-print
- Dynamic Flash Banner content
- S7 Info or ecatalog search

S7OnDemand features:

The S7OnDemand module provides some features of the Scene7 platform. This module does not actually contain custom assets. However, to use these features you can set parameters to use content from the secure testing services.

Use case with the S7 secure testing services

Integrating the secure testing services into a web-site preview

Ecommerce companies usually check changes in a preview environment before the site goes live. Such changes typically include:

- Web site feature changes
- Data changes
- Rich media changes

Until now, such previews of product imagery and rich media content required development teams to use published Scene7 assets. The same URL was used to access Scene7 content within the DMZ as well as in the public-facing Web site. The secure testing site now allows previewing the staging version of the Web site with unpublished content. Here is a typical workflow of how this can be achieved:

- The staging system references the common Scene7 Image Server (e.g. customer.scene7.com).
- Name resolution on the tester's PC is changed so that customer.scene7.com points to the secure testing site.

An alternative process

Global changes: In the preview system, point the staging version of your Web site to the secure testing server for site validation and/or in anticipation of a product launch. At the time that this version of the site is promoted to the live production environment, a global variable will need to be updated in order to change these Scene7 references to the public-facing Scene7 domain. Separately, it is important that you log into your SPS account, ensure that all assets that were previously Unmarked for Publish have their publish status updated to Mark for Publish, and run a publish process to make sure the assets are available in the live site.

Building Business to Business application using Scene7 secure testing services

Let's consider B2B applications as Web applications requiring authentication of users when accessing content. Usually authentication provides a context (e.g. a session) under which the server delivers the various content required by the user (HTML, CSS, images, PDF, etc.).

Similar to public Web sites, each of these components is requested with a unique URL that can be copied and sent to any 3rd party. The context of the session would get lost, and the request to such URLs should not provide a meaningful result.

However, in the past, if the request included a Scene7 URL from a public server, an ecatalog for instance, this content would have been delivered to the Web browser without requesting any login credentials.

Within the context of a B2B application, the secure testing services provide a solution that allows rich media content to be served in your application without fear of the content making its way to unintended users. With the secure testing services you can now route Scene7 traffic through your network, and therefore you can always check whether such requests are authenticated using your established mechanism. In some cases, to accomplish this with an extended team or customer base, you would want to work with your IT team to set up proxy functionality for this routing.

You gain the full feature set of Scene7 for your B2B application and can use the same rich media experiences found on your consumer sites:

- Dynamic imaging
- Zoom
- 360 spin
- ecatalogs

Conclusion

With the new secure testing services being released by Adobe Scene7, our customers will now have the ability to define different secure test environments and build robust B2B solutions. This new functionality allows developers to match their Scene7 deployments with the architecture of their content management and commerce platform.

Appendix A: Sample HTML test page

The following HTML code, which uses JavaScript, provides a simple sample test page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Scene7 Secure IP Image Test</TITLE>
<META http-equiv="content-type" content="text/html; charset=windows-1252">
<script type="text/javascript">
// Test data: change these values to match your own test.
var SERVER = "s7g3.scene7.com";            // your S7 public image server
var SECUREIPSERVER = "test-e3.scene7.com"; // your S7 secure testing services (not your origin server)
var COMPANY = "AndrejSokoll";              // your SPS company
// your list of published image assets
var imagearraypublished = ["patent_01", "patent_02", "patent_03", "patent_04"];
// your list of non published image assets
var imagearraynotpublished = ["patent_01_non", "patent_02_non", "patent_03_non", "patent_04_non"];
//===== end of config, leave the rest
var COLUMNS = 4;

// Writes the rows of a table, one image per cell and COLUMNS cells per row.
// mod is the Image Serving query string appended to every image URL.
function displaylist(mod, entrytext, vserver, vmodus) {
  var vimagearray = [];
  if (vmodus == "published") { vimagearray = imagearraypublished; }
  if (vmodus == "notpublished") { vimagearray = imagearraynotpublished; }
  var i = 0; // column counter
  for (var j = 0; j < vimagearray.length; j++) {
    var imagename = vimagearray[j];
    if (i == 0) { document.write('<tr>'); }
    i += 1;
    var url = "http://" + vserver + "/is/image/" + COMPANY + "/" + imagename + mod;
    document.write('<td align="center">');
    document.write('<br><div>' + entrytext + '</div><br>');
    document.write('<img src="' + url + '" border="0">');
    document.write('</td>');
    if (i == COLUMNS) { document.write('</tr>'); i = 0; }
  }
  // Close the last row only if it was left incomplete.
  if (i != 0) { document.write('</tr>'); }
}
</script>
</HEAD>
<body>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%">
<tr>
<td colspan="7"><div class="stylehead"><a href="http://www.scene7.com/de"><img src="http://s7g3.scene7.com/is/image/andrejsokoll/logo_s7logo?wid=120&op_sharpen=1&fmt=gif" border="0" alt="scene7 Logo"></a> Test page for Secure testing services</div></td>
<td align="right"></td>
</tr>
</table>

<div align="center">requests to public published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script type="text/javascript">displaylist("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resmode=sharp2", "200x200", SERVER, "published");</script>
</table>

<div align="center">requests to public non published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script type="text/javascript">displaylist("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resmode=sharp2", "200x200", SERVER, "notpublished");</script>
</table>

<div align="center">requests to secure IP server with published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script type="text/javascript">displaylist("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resmode=sharp2", "200x200", SECUREIPSERVER, "published");</script>
</table>

<div align="center">requests to secure IP server with non published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script type="text/javascript">displaylist("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resmode=sharp2", "200x200", SECUREIPSERVER, "notpublished");</script>
</table>
</BODY>
</HTML>