yCrash provides a safe and secure mechanism to troubleshoot production problems. In this article, let’s discuss about the safety measures provided by yCrash.
Production dump files tend to contain sensitive information such as IP addresses, credit card numbers, SSN, VAT numbers … and they also tend to be very large in size (several MBs to GBs). Since they are large in size, they can’t be attached in the email and sent to the Developers/Vendors to troubleshoot. The SRE engineer typically uploads these dump files to FTP Sites, Wiki, Sharepoint, drop box/google drive (sometimes). Then he will send the link of these files to the Developers/Vendors. They will then download the dump files from these remote locations to their local laptops, do the analysis and share the same dump files to the QA engineers to validate their fix. Now, if you observe this sensitive dump file are stored in multiple locations:
a. FTP Site/Wiki/SharePoint
b. Developer Laptop
c. QA engineer Laptop
d. Vendor sites
One more unfortunate thing happens. After doing the analysis, typically, most engineers would not delete these dump files from their laptops.
Whereas with yCrash, production dump files are transmitted from your production machines directly to the yCrash server through the secure https protocol. Dump files are then stored in the yCrash server only. Users will only see the analyzed reports and not the raw dump files. Thus, with yCrash, dump files aren’t exchanged with anyone; they are stored in only one location: the yCrash server.
Once the yCrash agent captures the dump files from production machines, they are automatically transmitted to the yCrash server through the secure https protocol. Prior to yCrash, dump files are transmitted through several unsecure protocols such as SMTP (i.e. emails), FTP, HTTP.
Both yCrash agent and yCrash server are running within your corporate firewall. Thus, sensitive dump files never leave your corporate network. They strictly follow your corporate security guidelines.
Manual analysis tools such as Eclipse MAT, IBM GC & Memory visualizer analyze the dump files and present the analysis results in cleartext. Thus, sensitive information such as Credit Card numbers, SSN, and VAT numbers are also printed in clear text to the engineers, who are analyzing these dump files. yCrash provides a data masking feature, such that only the last 4 digits of credit card numbers, SSN, VAT numbers are printed on the analysis report.
Leave a Reply