Though it may take a few seconds to start up a Sauce Connect tunnel, you'll have established a high-security tunnel for communications between the machine where it's running and the Sauce Labs API and browser cloud.
In addition to the security of the tunnel itself, each tunnel connection spins up a fresh virtual machine (VM) that is used only for your tests. VMs are destroyed once the tunnel is closed. An important Sauce Connect best practice is to create a new tunnel for each test suite or build, and then tear it down at the end of your test.
Data transmitted by Sauce Connect is encrypted through the TLS protocol, which uses perfect forward secrecy for maximum security. Sauce Connect also uses a caching web proxy to minimize data transfer. You can disable this with the command line option
-N, --no-proxy-caching, which is described further in the Sauce Connect Command Line Reference.
Sauce Connect in the DMZ
Within your infrastructure, Sauce Connect must be able to reach the application or server you want to test via your network, but can be firewalled from the rest of your internal network.
We recommend running Sauce Connect in a firewall DMZ – on a dedicated machine – and setting up firewall rules to restrict access from that DMZ to your internal network. However, use caution when locating and configuring Sauce Connect in a DMZ.