Using Blackfire for debugging production environments
Blackfire is not a single piece of software running on your server or browser. It consists of five parts:
- the Probe is a PHP extension that gathers the raw performance profiles
- the Agent is a server-side daemon that aggregates and forwards profiles to blackfire.io
- the Companion is a web browser extension used mainly to trigger profiling from your browser
- the Client is the command line equivalent of the Companion, it can be used from anywhere even if it is packaged with the Agent by default
- the Website is used to visualize the profiles
So as you can read the data is collected from your servers and analysed via an online SaaS tool. Initialising a request for a view to be debugged is done using a browser extension or a command line tool. The final profiling data is shown on a separate web application.
The above process gives you a convenient way to get insight into how the application at hand is functioning in production and spotting bottlenecks. You can also compare two created profiles to see which parts of the application have been improved or degraded.
Pro-tip: If you're running Varnish in front of your application, a practical method for debugging that application is opening up an SSH pipe directly to the underlying web server such as H2O, Apache or Nginx.
Pricing, dependency and privacy concerns
As you might expect, the product uses a freemium model and on the free SaaS subscription level you get full profiling capabilities for Web Pages, CLI Scripts and API Calls. Limitations kick in when you want to create teams, use test assertions or hold your test profile for a long period of time (free tier caps this at one day). Read more about the pricing of Blackfire.
Creating a hard dependency to a tool in the daily life of a companies activities such as Slack for communities is a thing to consider for businesses. An absolute dependency to Blackfire is impossible as it is only an additional tool for developers to use. You are of course, free to keep using competing products such as Tideways, Xdebug or xhprof.
As with all subscription service software, pricing may shoot up to a level where it no longer makes sense at a large scale. The trend of developers buying their own software (Buy Your Own Software, BYOS) in companies that are so entrenched in Open Source that they do not want to pay for software, might make Blackfire and other tools common place even if the company does not purchase subscriptions.
Another valid concern is Data Privacy. If you're giving out application data from production enviromnents, what is the guarantee of not sending over sensitive data such as Credit Cards information? The Blackfire team has considered:
When the data are ready, the agent send them back to Blackfire servers. So, what are we getting on our side? Function call names, times, memory, anonymized SQL queries and HTTP calls (only for the Enterprise Edition), and some metadata like the full HTTP request (URL and headers) for web profiles, or the CLI command for console apps. Nothing that could potentially be used to harm you.
Read more about data privacy and inspecting sent traffic on the Blackfire Blog: Data Privacy and Blackfire
Blackfire is currently a PHP only products, which is a clear choice since PHP powers vast parts of the web with tools such as Symfony, Drupal and WordPress:
- Improving Wordpress Translation Performance
- Boosting performance of a complex Drupal 7 project with Blackfire.io
- View Blackfire in action with Symfony on Platform.sh