Building a Scalable Performance Testing Framework for EndPoint Anti-Ransomware Software

Here, we'll delve into how we at Appnetwise created a robust and scalable performance testing framework for our client's anti-ransomware software. Our architecture combines backend and frontend performance tools—k6 and Playwright—within a Docker-based environment, ensuring consistency, automation, and scalability.  

🧠The Problem We Wanted to Solve

Endpoint Anti-ransomware agent interacts with multiple APIs, including device registration, sending heartbeats, logging activity, and ransomware recovery. We wanted to test how these endpoints perform under different loads and their impact on the user experience in our centralised, multi-tenant web application with a shared dashboard.  

One possibility is to spin up multiple virtual machines with this endpoint software, but that's not practical or cost-effective.  

At the same time, the frontend dashboard or console is where users view device status, logs, and health statistics. Even if the backend is working fine, a slow dashboard can still ruin the user experience.  

We needed to test both, but with the right tool. Is there a single open-source tool or framework that can address this?

We couldn't find one, so we had to leverage multiple tools and integrate them to meet our requirements. Lets explore what those are how we integrted them.

🛠 Why We Used Two Tools: k6 and Playwright

We chose k6 for backend testing. It’s great for load testing APIs and simulating lots of virtual users hitting different endpoints. 

But k6 doesn’t support browser testing. So, for the frontend, we used Playwright. It simulates real user actions in a browser and gives us metrics like page load time, performance, and UI behavior. 

Together, k6 and Playwright provided us with a comprehensive view—how the backend performs under load and how the frontend manages it.   

We utilised InfluxDB and Grafana to collect all metrics from both tests and gain a good insight into each API and user call. 

⚙️Setting It All Up with Docker Compose

To run everything smoothly and consistently, we used Docker Compose. It sets up three containers:

• 🗃 InfluxDB – stores all performance metrics

• 📊 Grafana – shows beautiful dashboards of our test results

• perf-runner – a custom container that runs our backend and frontend tests using a PowerShell script

Minimize image

Edit image

Delete image

This setup means we can run our entire testing environment with a single command and get the same results every time.

🚦Running Different Types of Tests

We wrote a PowerShell script that lets us choose what kind of test to run. For example:

• Stress Test – push the system to its limits with many users

• Spike Test – see how it reacts to sudden bursts of traffic

• Soak Test – run for a long time to check for memory leaks

• Endurance Test – test stability over time

• Load Test – find the normal working limits

Each test has different settings like how many virtual users to run, how long to run, and how many requests to send.

📈 What Metrics We Collect

For the backend, our k6 tests collect data like:

• Response time (min, max, average, percentiles)

• Number of requests per second

• Error rates, etc.,

For the frontend, Playwright captures:

• Core Web Vitals (FCP, LCP, CLS)

• Page load time, etc.,

All of this data is sent to InfluxDB, and from there, it shows up in Grafana.

Grafana Dashboards We Use

We’ve created multiple dashboards in Grafana to help us analyze the results:

Minimize image

Edit image

Delete image

• Test_type_dashboard – shows metrics based on the type of test (stress, load, etc.)     

Minimize image

Edit image

Delete image

• Backend_heartbeat – monitors how heartbeat API performs over time

Minimize image

Edit image

Delete image

• Dashboard_home – combines key backend and frontend data

Minimize image

Edit image

Delete image

• Frontend_performance – shows how the UI performs under load          

Minimize image

Edit image

Delete image

This helps us spot slowdowns, errors, or bottlenecks quickly.

🧾Post-Test Reports

Auto-generated HTML reports summarize

• Test config (VUs, iterations, test type)

• Aggregate performance stats

• Frontend and backend analysis

Minimize image

Edit image

Delete image

🧠Final Thoughts

This performance testing framework enables us to test endpoint anti-ransomware software in real-world scenarios, checking APIs and Dashboard. 

With all metrics feeding into Grafana, we can clearly see performance and make improvements more quickly. This gives us confidence that our software not only keeps users safe but also works fast and smoothly, even under heavy load.  

Stay tuned as we continue to evolve our performance engineering strategies and share our findings along the way!

➡️Next steps include examining how endpoint performance manifests on various devices, different operating systems, and various versions. My colleague, Fatima Zahara Mohammed is working on this – please check her post for updates.  

💬We'd love to hear your thoughts and any suggestions for areas where we can improve.  Any new use cases / edge scenarios... Let's collaborate.