Last updated at Fri, 07 Aug 2020 14:37:54 GMT
We’re excited to share that over the past few weeks, we’ve released support for 32-bit applications for our .NET, .NET Core, and IIS agents.
“Why would you do that?” you may ask. To answer, we thought it may be helpful to explain our approach and the factors that went into deciding to do this work.
Since the founding of tCell, our next-gen cloud WAF and RASP tool, we’ve always taken an approach that runs ahead of the expected currents. As people were discussing an application security approach that focuses on “shifting left,” we were talking about the equal importance of “shifting right” in the software development lifecycle to build a more complete appsec program. While many solutions were using external agents, we saw “in-app” instrumentation as advantageous—especially as services move to the cloud and containers. When the worlds of WAF and RASP were often talked about as separate technologies, we saw the opportunity to bring the worlds together in an easy-to-use solution. While some organizations were focusing heavily on the most popular programming languages and environments, we were seeking ways to ensure that tCell can be as flexible and deployable as possible.
All these insights didn’t arise in a vacuum on our own, but rather by listening to people who are wrestling with security issues on the front lines, including those in development, operations, and security roles. As a result of this direct feedback from folks on the ground, we strive to make tCell agents as ubiquitous as possible, enabling companies to use tCell everywhere, and as early as possible.
After many conversations with prospects and customers about their needs, we determined that there was a growing need for 32-bit support for our Windows agents.
Starting with Azure
Why 32-bit support? Well, let’s start with the move to the cloud. The obvious big player when we’re talking about Windows web applications in the cloud is Azure. And the entry point for many companies building Windows applications are Azure’s free and shared plans.
This is because a 64-bit environment requires a Basic or Standard service plan, whereas Free and Shared plans always run in a 32-bit environment (read more here).
And since tCell works best the sooner you adopt it for a given project, there’s high value for our users to support the default at the earliest stages.
Dealing with reality
Though Intel processors have been 64-bit for a long time now, and the majority of apps are written for 64-bit (especially on the server-side), the reality is, change doesn’t always happen as quickly as we’d like. This is especially the case with DLLs, many of which only have 32-bit versions, which means Windows app developers must accommodate that.
It turns out that IIS in Azure, when it spawns worker processes, is 32-bit by default. This is not common knowledge, however, as the question comes up often in online forums (such as stack overflow) despite Microsoft specifically calling out 32-bit as being the preferred IIS configuration for worker processes, even on 64-bit systems:
“One of the performance benefits of the x64 platform is that it increases virtual address space, making more memory available. We recommend that you configure IIS to use 32-bit worker processes on 64-bit Windows. Not only is its compatibility better than the native 64-bit, performance and memory consumption are also better.”
However, that obviously doesn’t mean that every app should be built as 32-bit. There are limits, especially when it comes to addressable memory. And when there are needs for 64-bit, you can still count on tCell to support these apps as well.
tCell where you need it
With 32-bit support, people starting at the earliest stages of Azure can use tCell starting on day one. This means application developers who need to continue to use 32-bit DLLs can continue to do so, and simply integrate tCell into their environments from the start. In addition, if it makes sense to utilize 32-bit workers, tCell will now work just as well in those configurations as it does in 64-bit configurations—meaning you’ll get all the capabilities of tCell’s RASP and NG-WAF in either situation.
We strive to make tCell as flexible as possible in order to maximize compatibility with all applications no matter the language or environment. Our new release for 32-bit support for our Windows agents is perfect evidence of that.
Want to check it out for yourself? Feel free to reach out here to learn more about tCell and Rapid7’s application security solutions.