Skip to content

Updated June 15, 2026

Private load generation

Generate load from inside your network perimeter when targets are private, regulated, or must never be exposed to external testing infrastructure during a run.

What this workflow should produce

  • Traffic that originates from an approved network boundary and never crosses public infrastructure.
  • A run record that still appears in the shared MaxoPerf results workflow alongside managed-location runs.
  • Authorisation-ready: private runners are scoped to the locations and teams you specify.
  • The ability to compare private-location and managed-location results in a single run without changing tools.

Use case

Private load generation is for systems that must not be exposed to public infrastructure — not even temporarily, not even for testing. The traffic must originate from inside an approved network boundary.

The need is common in regulated industries (financial services, healthcare, government) and in any organisation that runs meaningful workloads behind a VPC or on-premises. The target API may be in a private subnet, behind a firewall that has no public-facing rule, or operated under a security policy that prohibits external network connections regardless of the operational reason.

The problem is that most cloud load-testing platforms solve this with a workaround: “punch a hole in the firewall for the test, then close it.” That workaround creates audit findings, requires change-management tickets, and often gets rejected by the security team. The result is that load testing never happens — or happens ad hoc, with inconsistent tooling, outside the shared result workflow.

Private load generation integrates testing into your existing security perimeter rather than asking you to create an exception to it.

How MaxoPerf supports it

The MaxoPerf private runner agent runs inside your network. It connects outbound over HTTPS to the MaxoPerf control plane, pulls the test configuration and script, executes the test against internal targets, and pushes results back. No inbound port is required. The agent does not expose a network service.

The run record — scenario, load profile, metrics, logs, and result summary — appears in the MaxoPerf console alongside any managed-location runs. Teams that use both private and managed locations for different target environments work from the same interface without context-switching.

Access to private runner locations is scoped to specific organisations and projects. A runner registered to your internal environment cannot be used by another organisation’s account.

A concrete deployment

A financial-services firm runs integration and load tests against their internal transaction-processing API before every release:

  • Target: POST /internal/v1/transactions/process and GET /internal/v1/accounts/:id/balance — both inside a private subnet, no internet routing
  • Runner setup: a private runner agent deployed as a Kubernetes Deployment in the same cluster as the target, with network access to the target namespace; the agent connects outbound to MaxoPerf over the cluster’s internet egress
  • Load profile: 30 virtual users, 5-minute hold, thresholds set at p99 < 500 ms and error rate < 0.1%
  • Access control: the private location is scoped to the “payments” project; the security team reviews runner registration as part of the change-management process
  • Compliance: the security team’s audit log shows that no test traffic traverses the public internet; the runner agent’s outbound HTTPS connection to MaxoPerf is allowlisted by the egress firewall rule for the test namespace

This setup lets the team run repeatable load tests against production-equivalent internal APIs without any change to their firewall or network security posture.

Practical rollout

  1. Register the runner — deploy the private runner agent in a host, container, or pod that has network access to the test target. Register it with MaxoPerf and confirm connectivity before writing any test.
  2. Scope access — assign the private location to the specific project and team that owns the target. Do not create a single shared private location for the entire organisation.
  3. Start with a low-pressure test — 5–10 virtual users, short duration. Confirm results appear in the console before increasing load.
  4. Validate network path — compare latency results from the private location against a known benchmark (e.g. a direct request from the same host) to confirm the runner is not the bottleneck.
  5. Document in your change process — add the runner registration and test authorisation to whatever change-management or security-approval workflow covers your environment. Private load generation is more defensible when it is explicitly approved, not discovered after the fact.

FAQ

When should I use private load generation instead of managed locations?

Use private locations when the target is inside a private network and cannot accept traffic from public infrastructure; when compliance requirements (PCI-DSS, HIPAA, SOC 2 controls) prohibit external traffic to the system under test; or when you need to measure latency from a specific on-premises or VPC location that managed runners cannot replicate.

Does private load generation require a dedicated server?

No. The private runner agent is a lightweight process you run on any host inside your network perimeter — a VM, a container, or a Kubernetes pod. It connects outbound to MaxoPerf over HTTPS, so you do not need to open inbound firewall rules. The runner pulls test instructions and pushes results; no inbound ports are required.

Can I mix private and managed runner locations in a single test run?

Yes. You can assign load across both private and managed locations in a single run configuration. Results are labelled by location so you can compare latency from inside the VPC against latency from the public internet in the same result view.

Related documentation

Related use cases

  • AI inference load testing

    Validate LLM inference APIs under concurrent request load — measure time-to-first-token, token throughput, and cost per request to right-size GPU capacity.

  • Frontend browser performance testing

    Load-test real browser journeys — login flows, SPAs, and media-heavy pages — measuring user-perceived latency and render performance under concurrency.

  • Microservices SLO validation

    Confirm each service meets its latency and error-budget SLOs under realistic request concurrency before changes are promoted to production environments.