Sauce Connect Architecture
Sauce Connect 5 lets tests running in the Sauce Labs cloud securely access web or app resources that live behind your corporate firewall. It does this by opening an outbound-only tunnel from your network to Sauce Labs, so no inbound ports have to be exposed.
High-Level Architecture
From Sauce Labs' perspective the system is made up of three building blocks:
- Sauce Connect client (SC5 binary) - runs inside your network
- Sauce Connect Server - runs in the Sauce Labs data center
- Sauce Labs REST API - manager of the tunnel lifecycle (start, stop, status)
What Runs Inside Your Network
Sauce Connect client consist of:
- SC5 controller - the "brain" of the binary. Reads configuration, authenticates with Sauce Labs, negotiates tunnel creation, and supervises all other tasks.
- HTTP/2 connection manager - maintains long-lived, TLS-encrypted HTTP/2 connections to the Sauce Connect Server. Automatically reconnects on network blips.
- Forward proxy - embedded copy of Forwarder that proxies requests into your network.
Data Flow
- The Sauce Connect client authenticates with your Sauce Labs account and requests a new tunnel via the REST API.
- The Sauce Connect client opens long-lived, TLS-encrypted HTTP/2 connections to the SC5 server.
- Browsers or devices in Sauce Labs send requests to the Sauce Connect Server; those requests travel through the tunnel to reach services inside your network.
- Responses follow the same path back.