13. 12. 2016 Massimo Giaimo Events, NetEye, Real User Experience, Visual Synthetic Monitoring

Remote banking monitoring with Alyvix and NetEye

Massimo Giaimo, Senior System & Network Administrator at IBT, shares his experience with Alyvix and NetEye.

What are the most recent significant changes in application monitoring?

For decades, IT departments have mainly implemented performance-monitoring strategies by controlling the uptime of their systems. Only in recent years have companies realized that it is not sufficient to monitor the availability of the infrastructure. To ensure customer satisfaction and the proper functioning of the delivered services, it is essential to measure the End User Experience. Response times, failed interactions and real use are now the new monitoring metrics.

The monitoring challenges at IBT Group

The above-mentioned scenario can also be found at Informatica Bancaria Trentina Group, the company where I work, which develops the banking information system Gesbank Evolution and provides IT outsourcing services. Until now, our monitoring strategy was mainly based on system and infrastructure control, without a direct User Experience measurement. Thanks to the flexibility of NetEye, we are able not only to control our IT in the traditional way, but also to integrate the innovative approach of Visual Synthetic Monitoring.

Remote Banking monitoring from the users’ perspective

Let me now show you an example of how we were able to control the actual functioning of our remote banking system. Concretely, we needed to authenticate to the system, check that it was functioning correctly and then perform the logout action.

First, we knew that the users authenticate to the system by using two different factors:
1. Data we know: user / password
2. Data we have: OTP generated by a token software

To achieve our goal we decided to use Alyvix, the Visual Synthetic Monitoring module integrated into NetEye.

Authentication check

We have built a test case in RIDE, the development framework used by Alyvix. The test case can open an instance of the Mozilla Firefox browser, connect to the internet page where our remote banking service is hosted and insert the pair of credentials required for the authentication. Once this phase is confirmed, the remote banking system will send a text message containing a one-time password to the phone number inserted during the service registration. For the test case, we have set the phone number that is used by the GSM modem connected to the NetEye appliance. The SMS message is then managed by the NetEye Event Handler, on which we have implemented a rule that sets it as a NetEye service state, which we called SMS_token. Below you can see a screenshot of the implemented rule:

The SMS message is then managed by the NetEye Event Handler

The SMS_token service has a freshness value set as 60. This means that when the system receives the SMS containing the one-time password, the service is valid for 60 seconds, after which the check_dummy service will restore the status, assigning the string “EXPIRED”.

Then we wrote a PHP page (token_neteye.php) that queries, through the curl command, the state of the SMS_token service and writes the state in an input box on the page. If the service status is equal to “EXPIRED”, the input box will contain the same string; otherwise, if the service status contains the string with the one-time password, the following image is displayed:

sms_token
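
The lifetime of the relayed one-time password described above (stored when the SMS arrives, valid for 60 seconds, then replaced by “EXPIRED”) can be modelled as follows. This is an added Python example, not the PHP code the author wrote or NetEye's own implementation; the class and function names, the in-memory state, the sample SMS text and the 6-8 digit OTP pattern are assumptions.

```python
import html
import re
import time

FRESHNESS_SECONDS = 60   # freshness value stated in the article
EXPIRED = "EXPIRED"      # string assigned once the state is stale
OTP_PATTERN = re.compile(r"\b(\d{6,8})\b")  # assumption: numeric OTP, 6-8 digits


class SmsTokenService:
    """Hypothetical in-memory stand-in for the SMS_token service state."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._output = EXPIRED
        self._updated_at = None

    def on_sms(self, body):
        """Event-handler rule: store the OTP found in an incoming SMS."""
        match = OTP_PATTERN.search(body)
        if match is None:
            return False             # unrelated SMS: leave the state untouched
        self._output = match.group(1)
        self._updated_at = self._clock()
        return True

    def status(self):
        """Return the OTP while it is fresh, EXPIRED afterwards."""
        if self._updated_at is None:
            return EXPIRED
        if self._clock() - self._updated_at > FRESHNESS_SECONDS:
            # Stale: drop the OTP so it can no longer be read from the page.
            self._output, self._updated_at = EXPIRED, None
        return self._output


def render_token_page(service):
    """What the token page exposes: an input box holding the current state."""
    value = html.escape(service.status(), quote=True)
    return '<input type="text" id="token" value="%s" readonly>' % value


if __name__ == "__main__":
    now = [0.0]                                  # fake clock for the demo
    svc = SmsTokenService(clock=lambda: now[0])
    svc.on_sms("Your one-time password is 482913")   # constructed sample SMS
    print(render_token_page(svc))                # OTP is shown while fresh
    now[0] += FRESHNESS_SECONDS + 1
    print(render_token_page(svc))                # shows EXPIRED after 60 s
```
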

Control the real system functioning

Alyvix opens the page in the browser and updates it every 5 seconds. Alyvix keeps looking for the image mentioned above until it appears, and when the framework identifies the object, it clicks on it by executing a JavaScript that copies the string (the one-time password) contained in the input box.

Alyvix then pastes the string in the remote banking system page, which is waiting for the one-time password.

After the successful authentication, Alyvix verifies the effective operation of the service (in this case it is sufficient to search for the string “ONLINE” on the home page) and then logs out from the remote banking system.

By executing this test case we can verify the correct functioning of the service and monitor the end user experience, by taking advantage of the performance data that Alyvix returns for every single transaction.

If you would like to receive more information, or would like to get the PHP code we have generated for the test case, please feel free to contact me through the blog.

Massimo Giaimo

Team Leader Cyber Security at Würth Phoenix