Network Overview

Aqueduct SSL works by creating a tunnel from your local machine (known as the Client) to a Flood provisioned tunnel (known as the Server) via port 443. Each time you create a new tunnel, Flood will automatically provision the tunnel Server which is a dedicated AWS instance in the cloud. No other Clients can connect to your tunnel.

| NAT / Firewall |
<---| TCP/IP |
<--| TLS |
-----------------------------> HTTP ----------------------------->
Grid --> Tunnel Server:443 <-- Tunnel Client --> Target Application:443
-----------------------------> ----------------------------->

A tunnel is established over the transport layer (TCP) with an encrypted session established by TLS with mutual authentication from the Aqueduct Client to the Aqueduct Server. All outbound communication from the Client to the Server is done on port 443 using TLS v1.2 and safe cipher suites. Once the tunnel is established outbound to the Server, the Server's security group can ingress Grid nodes so that load can be generated from the cloud, inbound through the Client according to the targets defined.