YourKit Connection Broker
What is YourKit Connection Broker?
YourKit Connection Broker or just broker is a software developed by YourKit to simplify and secure profiling of Java and .NET applications in cloud and clustered environments.
The broker greatly simplifies connectivity between profiler UI and profiler agent, and brings extra layer of security and fine-grained control for accessing the profiled applications.
How to get started?
It is simple! Sign up to a free account to access YourKit Connection Broker in cloud. You will get a pre-configured, fully-functional broker accessible to you world-wide.Sign Up Account Now
Why do I need a connection broker?
In classic profiling scenario, a profiler (desktop app) establishes TCP/IP connection with the profiler agent, which works inside the profiled applications. Within this TCP connection agent sends the gathered data for further analyzes and visualization. The picture below shows this classic architecture:
There are multiple reasons and situations when classic architecture plays not very well. Within the classic architecture, profiling setup in some scenarios is difficult or even practically impossible:
Clouds, clusters and containers
In clouds, dockerized and clustered environments, where JVM instances are being dynamically created, it is hard to tell the IP address and port of the profiler agent.
When your application runs on a production server, or in an isolated network, it may be a challenge to get the profiler connected and receive the results. You have to configure firewall, port forwarding, SSH tunnels, SSH keys, your computer must have SSH daemon. Such changes in the security area may be prohibited by your system administrator.
When your application opens an additional network socket, you must protect it from unauthorized access. It could be a huge headache for sysadmins and devops engineers. You have to configure complex firewall rules, and create SSH tunnels. It is a non-trivial and error-prone task. Security team will likely say NO, when you ask them the permission to open ports on a production server.
Why is connection broker the answer?
YourKit Connection broker solves all the issues and flows of the classic architecture. The broker acts as a server, that handles incoming connections from profiler agents and UIs, it authorizes the requests and proxies traffic between the UIs and agents.
Clouds, clusters and containers
The broker is cloud-friendly. It tracks the connected profiler agents and exposes them to the authorized profiler UIs. You no longer need to know the IP address and port of the profiler agent to connect to it.
We use only standard network protocols that are transparent for HTTP and SOCKS proxies. All traffic is always SSL encrypted. As the result it is possible to reach the broker from very restricted environments.
Profiler agents do not open TCP sockets to listen the incoming connections. Instead of this, they connect to the trusted, well-known broker address. This approach is much more secure, and it works even in the environments, where all incoming TCP connections are not allowed.
Agents and UIs are isolated within the broker from each other, and separated by zones. When profiler agent or UI connects to the broker, it provides opaque authentication token, that gives access only to the particular zone.
Does the broker look into my data?
No. The broker does not store, log or analyze the network traffic between UI and profiler agent. It acts solely as a proxy server, that redirects and forwards the traffic.
Can I have on-premise broker installation?
We are working on an on-premise version of the broker, it will be available a bit later.