Secure Testing Service

Overview and pre-release use

Authors: Andrej Sokoll, Matthew Loewengart

Revisions: 2011, Version 1.0

Confidential. Property of Adobe Systems, Inc. Copyright 2011.

Contents

Overview

Background

How does the secure testing service work?

Testing the secure testing services

  Prepare your account by:

  Prepare two variations of a website which links the published and unpublished assets.

  Run the test:

Supported and un-supported asset types

  S7OnDemand features:

Use Cases

  Integrating the secure testing services into a web-site preview

  Building Business to Business application using Scene7 secure testing services

Conclusion

Overview

Enterprise ecommerce sites have grown accustomed to a 3-tier architecture with formal development, staging, and production environments. The developers of these sites want to test the complete end-to-end workflow by loading new content and publishing it for testing while they develop their next site release or product launch, and they do not want their content to be available before it has been internally approved/launched.

With the new secure testing services being released by Adobe Scene7, our SaaS-based customers will now have the ability to define different secure test environments and to target the Image Server on which this content is made available, either publicly or based upon a configurable set of IP addresses and ranges.

This new functionality allows developers to match their Scene7 deployments with the architecture of their content management and commerce platform.

Background

Adobe Scene7 serves dynamic rich-media assets into the user's browser. To do that, Scene7 uses standard web protocols and technologies, so accessing an asset via a URL does not require any authentication. An asset on the S7 Image Server is available via URL under these conditions:

• Asset uploaded to the Scene7 Publishing System

• Asset is marked for publish

• A publish process sends the asset to the public facing Image Servers.

Under these conditions images are available under public URLs like:

http://demo.scene7.com/is/image/PortalCo/Backpack_B?wid=300&hei=300

As soon as the web site's HTML pages link the URL, the asset becomes available. In many cases, other imagery and rich media may have been published and only referenced from a staging environment. It is the act of referencing that content from the Web page that makes it publicly available. In some instances, this is not a sufficient level of security, as a user may be able to guess a URL based on a SKU number or a known naming convention, which can produce challenges when launching a new product or Web site redesign.

Companies are beginning to leverage the Scene7 platforms for internal applications and across corporate processes where the broad set of functionalities Scene7 provides should be used in secured environments. However, the Adobe Scene7 infrastructure is not within the customer's infrastructure, corporate intranet, or demilitarized zone.

So there are specific situations where access to Scene7 functionality should not be in public environments:

• Preview of web sites before public launch (staging web site)

• Serving assets requiring restricted access, e.g. eCatalogs showing custom prices in a B2B web application

• Usage of asset behind a firewall as part of a product information management system, customer service applications, training, etc.

The secure testing services address this need by:

• Providing full featured access to the image server, even for unpublished assets

• Limiting access to a configurable set of IP addresses and IP ranges

The secure testing services functionality does not affect the access to the Scene7 Publishing System (SPS). The SPS security remains consistent and requires the appropriate credentials for access to SPS and the related Web Services.

How does the secure testing service work?

Most corporations run their Internet behind a firewall. Access to the Internet is possible through certain routes and typically through a limited range of public IP addresses.

From your corporate network you can figure out your public IP address using web sites like http://whatismyip.com, or request this information from your corporate IT organization.

With the secure testing service, Scene7 has established a dedicated Image Server that can be used for staging or internal applications. The origin IP address of any request made against this server is checked. If the incoming request is not within the approved list of IP addresses, a failure response is returned.

Note: because we need to confirm the location of the original request, the traffic of the secure testing services is not routed through a content distribution network, unlike your public Scene7 Image Server traffic. Because of this, requests to the Secure Testing Service might have a slightly higher latency compared to the public Scene7 Image Servers.

An additional benefit of this feature is that unpublished assets are immediately available from the secure testing services, without the need to publish. This allows Scene7 users to run a preview before assets are published to their public facing image server.
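The origin check described above, sketched as an added example (this is not Adobe's or Scene7's implementation). It assumes filter entries are single IPv4 addresses or CIDR ranges and a hypothetical `request.peerAddress` field holding the address of the connecting client; the sample addresses are constructed.

```javascript
// Added illustration, not Scene7 code. Filter entries are assumed to be
// single IPv4 addresses or CIDR ranges.

// Convert dotted-quad IPv4 to an unsigned 32-bit number; null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    value = value * 256 + Number(p);
  }
  return value;
}

// True if `ip` equals the entry or falls inside its CIDR range.
function matchesEntry(ip, entry) {
  const [base, bitsText] = String(entry).split("/");
  // A malformed prefix length must not widen the range: fail closed.
  const bits = bitsText === undefined ? 32
    : (/^\d{1,2}$/.test(bitsText) ? Number(bitsText) : NaN);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits); // number of addresses in the range
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

// Decide on the connection's peer address only. A client-supplied header
// such as X-Forwarded-For is ignored because the sender controls its content.
function isRequestAllowed(request, clientAddressFilter) {
  return clientAddressFilter.some((e) => matchesEntry(request.peerAddress, e));
}

// Constructed sample data (documentation address ranges from RFC 5737).
const FILTER = ["203.0.113.0/28", "198.51.100.7"];
const fromOffice = { peerAddress: "203.0.113.9", headers: {} };
const fromOutside = {
  peerAddress: "192.0.2.44",
  headers: { "x-forwarded-for": "203.0.113.9" }, // claims an approved address
};

console.log(isRequestAllowed(fromOffice, FILTER));
console.log(isRequestAllowed(fromOutside, FILTER));
```

Behind a content distribution network the peer address would be the CDN edge rather than the client, which is why a check of this kind needs the direct connection.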

Testing the secure testing services

Prepare your account by:

1. Configure the public IP addresses or IP ranges to which you would like to make secure testing content available by using the Client Address Filter found under Setup > Application Setup > Publish Setup > Image Server. Select the context “Test Image Serving”. Be careful: using the wrong context leads to missing images on your public site.

2. Upload a number of images to your SPS account.

3. Ensure that some of these images are Marked for Publish and keep some Unmarked for Publish.

4. Run an Image Server Publish.

5. Determine the Test Publish Context Server Name of your secure testing services. This can be found under Setup > Application Setup > General Settings.

Get in contact with support when the server entry is missing or URLs to this server do not work.

Prepare two variations of a website which links the published and unpublished assets.

• Public version: Link assets using your traditional Scene7 URL syntax into this web site.

• Staging version: Link assets into this Web site using the same syntax but with the secure testing site name.

Run the test:

1. From within your corporate network, perform the following test:

From within your corporate network, identified by the IP address range previously defined, the Staging version should show all images, no matter if marked for publish or not. This allows for QA and testing without accidentally making images available before approval or product launch.

Confirm that the Public version of your site shows published assets as you have previously experienced with Scene7, without any disruption.

2. From outside your corporate network, verify that non-published assets (e.g. Unmarked for Publish) are protected from 3rd party access:

From outside your corporate network, e.g. by using a 3G connection or home computer, verify that the Public version of your site shows all published assets as before, but none of the unpublished content. Confirm that the Staging version shows no assets, whether they are marked for publish or not, since you are accessing the secure testing service from an IP address that has not been approved.

In Appendix A you will find a simple HTML page that you can use to run this basic test.

• Change the server name in the header of the file

• Change the company name

• Change the domain name to match the secure testing site name

• Change the list of comma-separated asset IDs
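The expected outcomes of the test above, written as a checker that is added here and is not part of the original document. It reuses the sample server, company and asset names from Appendix A; the `OBSERVED` results and the `vantage` and `loaded` fields are constructed for illustration.

```javascript
// Added example. SERVER, SECUREIPSERVER, COMPANY and the asset IDs are the
// Appendix A sample values; everything else is hypothetical.
const SERVER = "s7g3.scene7.com";            // public image server
const SECUREIPSERVER = "test-e3.scene7.com"; // secure testing server
const COMPANY = "AndrejSokoll";

function buildUrl(server, asset) {
  return "http://" + server + "/is/image/" + COMPANY + "/" + encodeURIComponent(asset);
}

// Per the test procedure: the public server serves only published assets,
// from anywhere; the secure testing server serves every asset, but only to
// clients inside the approved address range.
function expectedVisible(vantage, server, published) {
  if (server === SECUREIPSERVER) return vantage === "inside";
  return published;
}

// Compare observations with expectations. `loaded` would come from an
// <img> onload/onerror handler or an HTTP status check.
function evaluate(observations) {
  const findings = [];
  for (const o of observations) {
    const expected = expectedVisible(o.vantage, o.server, o.published);
    if (o.loaded === expected) continue;
    findings.push({
      url: buildUrl(o.server, o.asset),
      vantage: o.vantage,
      // Visible but expected hidden: content is exposed.
      // Hidden but expected visible: the page is missing images.
      kind: o.loaded ? "EXPOSED" : "MISSING",
    });
  }
  return findings;
}

// Constructed observations from one inside run and one outside run.
const OBSERVED = [
  { vantage: "inside", server: SERVER, asset: "patent_01", published: true, loaded: true },
  { vantage: "inside", server: SECUREIPSERVER, asset: "patent_01_non", published: false, loaded: true },
  { vantage: "outside", server: SERVER, asset: "patent_01_non", published: false, loaded: false },
  { vantage: "outside", server: SECUREIPSERVER, asset: "patent_01_non", published: false, loaded: true },
  { vantage: "outside", server: SERVER, asset: "patent_02", published: true, loaded: false },
];

for (const f of evaluate(OBSERVED)) console.log(f.kind, f.vantage, f.url);
```

An `EXPOSED` finding on the secure testing server from outside points at the Client Address Filter; a `MISSING` finding on the public server matches the symptom the setup step warns about when the filter is applied to the wrong context.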

Supported and un-supported asset types

The Scene7 platform supports many more assets than just images. Adobe Scene7 is working hard to support as many of these files and asset types as possible. The following asset types will be available via the secure testing services for the pre-release in which you will be participating:

• Images

• Image sets and all other types of sets (eCatalog, render sets, media sets)

• Standard Scene7 rich media viewers

• S7 OnDemand JSP pages

• Static content such as PDF files and progressively served videos

The following asset types/functionalities are currently not supported by the secure testing services:

• Video streaming

• Render Server requests

• UGC services

• Web-to-print

• Dynamic Flash Banner content

• S7 Info or eCatalog search

S7OnDemand features:

The S7OnDemand module provides some features of the Scene7 platform. This module does not itself contain custom assets. However, to use these features you can set parameters to use content from the secure testing services.

Use case with the S7 secure testing services

Integrating the secure testing services into a web-site preview

eCommerce companies usually check changes in a preview environment before the site goes live. Such changes typically include:

• Web site feature changes

• Data changes

• Rich media changes

Until now, such previews of product imagery and rich media content required development teams to use published Scene7 assets. The same URL was used to access Scene7 content within the DMZ as well as in the public facing Web site.

The secure testing site now allows previewing the staging version of the Web site with un-published content. Here is a typical workflow of how this can be achieved:

• Staging system references the common Scene7 Image Server (e.g. customer.scene7.com)

• Name resolution on the tester’s PC is changed so that customer.scene7.com points to the secure testing site.

An alternative process: global changes

In the preview system, point the staging version of your Web site to the secure testing server for site validation and/or in anticipation of a product launch. At the time that this version of the site is promoted to the live production environment, a global variable will need to be updated in order to change these Scene7 references to the public facing Scene7 domain.

Separately, it is important that you log into your SPS account, ensure that all assets that were previously Unmarked for Publish have their publish status updated to Mark for Publish, and run a publish process to make sure the assets are available in the live site.

Building Business to Business application using Scene7 secure testing services

Let’s consider B2B applications as Web applications requiring authentication of users when accessing content. Usually authentication provides a context (e.g. a session) under which the server delivers the various content required by the user (html, css, images, pdf, etc).

Similar to public Web sites, each of these components is requested with a unique URL that can be copied and sent to any 3rd party. The context of the session would get lost, and the request to such URLs should not provide a meaningful result.

However, in the past, if the request included a Scene7 URL from a public server, an eCatalog for instance, this content would have been delivered to the Web browser without requesting any login credentials. Within the context of a B2B application, the secure testing services provide a solution that allows rich media content to be served in your application without fear of the content making its way to unintended users.

With the secure testing services you can now route Scene7 traffic through your network, and therefore you can always check whether such requests are authenticated using your established mechanism. In some cases, to accomplish this with an extended team or customer base, you would want to work with your IT team to set up a proxy functionality for this routing.

You gain the full feature set of Scene7 for your B2B application and can use the same rich media experiences found on your consumer sites:

• Dynamic imaging

• Zoom

• 360 spin

• eCatalogs

Conclusion

With the new secure testing services being released by Adobe Scene7 – our customers will now have the ability to define different secure test environments and build robust B2B solutions. This new functionality allows developers to match their Scene7 deployments with the architecture of their content management and commerce platform.

Appendix A: Sample HTML test page

The following HTML code, which uses JavaScript, provides a simple sample test page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Scene7 Secure IP Image Test</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<script type="text/javascript">
<!--
// test data to be changed to your test
var SERVER = "s7g3.scene7.com";            // your S7 public image server
var SECUREIPSERVER = "test-e3.scene7.com"; // your S7 secure testing services (not your origin server)
var COMPANY = "AndrejSokoll";              // your SPS company
// your list of published image assets
var imageArrayPublished = new Array("patent_01", "patent_02", "patent_03", "patent_04");
// your list of non published image assets
var imageArrayNotPublished = new Array("patent_01_non", "patent_02_non", "patent_03_non", "patent_04_non");
//===== end of config, leave the rest
var COLUMNS = 4;

// outputs the rows of a table, one image per cell
function displayList(MOD, entryText, vSERVER, vMODUS) {
  var i = 0; // column counter
  var vimageArray = [];
  if (vMODUS == "published") { vimageArray = imageArrayPublished; }
  if (vMODUS == "notpublished") { vimageArray = imageArrayNotPublished; }
  // index loop instead of for...in, so only array elements are visited
  for (var j = 0; j < vimageArray.length; j++) {
    var imageName = vimageArray[j];
    if (i == 0) { document.write('<tr>'); }
    i += 1;
    var url = "http://" + vSERVER + "/is/image/" + COMPANY + "/" + imageName + MOD;
    document.write('<td align="center">');
    document.write('<br><div>' + entryText + '</div><br>');
    document.write('<img src="' + url + '" border="0">');
    document.write('</td>');
    if (i == COLUMNS) { document.write('</tr>'); i = 0; }
  }
  // close the last row only if it was left partially filled
  if (i != 0) { document.write('</tr>'); }
}
// -->
</script>
</HEAD>
<body>

<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%">
<tr>
<td colspan="7"><div class="stylehead"><a href="http://www.scene7.com/de">
<img src="http://s7g3.scene7.com/is/image/AndrejSokoll/logo_s7logo?wid=120&op_sharpen=1&fmt=gif" border="0" alt="Scene7 Logo"></a> Test page for Secure testing services </div>
</td><td align="right"></td>
</tr>
</table>

<div align="center">Requests to public published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script>displayList("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resMode=sharp2", "200x200", SERVER, "published");</script>
</table>

<div align="center">Requests to public non published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script>displayList("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resMode=sharp2", "200x200", SERVER, "notpublished");</script>
</table>

<div align="center">Requests to secure IP server with published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script>displayList("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resMode=sharp2", "200x200", SECUREIPSERVER, "published");</script>
</table>

<div align="center">Requests to secure IP server with non published images<br></div>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse" width="100%"> <!-- width="1020" -->
<script>displayList("?wid=200&hei=200&fmt=jpeg&qlt=85&op_usm=1.1,0.8,0,0&resMode=sharp2", "200x200", SECUREIPSERVER, "notpublished");</script>
</table>

</BODY>
</HTML>
