Testing in the Cloud

Cloud has been one of the buzz words in the IT industry over the last few years now: and it is, for the right reasons. As we all know the world of cloud can manifest itself in one of the following forms to be leveraged by various disciplines in the IT industry:

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

From a software testing perspective, SaaS and IaaS become more important than PaaS itself. In this article, I want to discuss with you the elements that are important to take note of and act on, from a Software Testing angle, in the arena of SaaS and IaaS.

Software as a Service (SaaS) is increasing in its popularity by the day and this can be attributed to several reasons such as: evolving cloud technology, need for optimization of resources and on-demand usage, global expansion of business that necessitates a platform to bring its people together, to name a few.

As an independent testing company, that has been testing SaaS applications over the last few years now, I will be talking about how testing for SaaS applications is different from testing a traditional on-premise implementation or rather what more to additionally focus on, in SaaS applications. To do this, let us look at a simple definition of SaaS and derive testable elements from it.

SaaS is a software delivery model, where the software is made available to the end customers over the Internet. The software vendor hosts the software for the customer, without the customer having to build up hardware or software environments, at their end. The customer herein, just provides software customization requirements to the vendor and follows a "pay per use model" to enable optimum use of resources. SaaS offers the customer the flexibility to scale up or down, the resource usage on an "on-demand" basis. Depending on the SaaS implementation model, there are varying levels of SaaS model maturity ranging all the way from:

• Single instance - single tenant (customer)
• Customizable multi tenancy on the base source code
• Multi tenancy on the base source code without any customizations

Let us now draw the testable elements from this definition:

Take away 1:

Software made available to end customers over the Internet: Software has evolved to enable us carry on a zillion different activities all the way from day to day shopping, banking, networking to possibly onetime events like home purchase, finding a match for yourself etc. If you are going to do all of this over the Internet, what is the first concern that comes to your mind? Privacy, confidentiality, security. Are all my transactions going to be secure especially when multiple other tenants use the same instance of the software? Security testing, especially, web application security testing is very important for SaaS applications. Take the initiative of doing the threat model analysis, or if your development team owns it, actively participate to ensure you understand the potential threats so you can test them thoroughly.

Take away 2:

The software vendor hosts the software for the customer: Given the scale of operations involved in the SaaS model, performance is something to definitely plan for in advance, and test. This is something that the end customers have come to expect, however, this can become challenging for the vendor when multiple instances are being planned for. Discuss the performance requirements with the business or product planning team upfront and start this testing early on in the product life cycle to conduct incremental tests. Besides just performance testing, scalability and capacity planning testing is also important in SaaS given that it works on an "on demand" model. Scalability and capacity planning does not always mean throwing in more hardware - doing so, may potentially result in wasted resources. Work with the development team to understand how scalable the product architecture is, to see if any optimizations can be done. Start all these discussions early on, since architectural changes may be very expensive, if not impossible, to implement at later stages.

Take away 3:
The customer herein just provides software customization requirements to the vendor and follows a "pay per use model" to enable optimum use of resources: Besides the core product functionality, two other important aspects to test in SaaS implementations are: right metering and billing and the right customer customizations.

One of the inherent benefits of the SaaS model is the pay-per-use feature. Unless this has been implemented correctly, there is no way to keep track of the customers accurate usage and this may affect the success of the entire application. Test for all the payment and usage algorithms, including boundary cases to ensure the implementation is correct.

Since often times the same application instance is customized and offered to meet the customer requirements, ensuring all of the customizations have been done correctly is very important. This may sound simple but any bug that is missed here, affects the customers reputation badly. Imagine having a logo of a competitor on your page - this could be disastrous. This is an area to be specially looked at, unlike in the traditional on-premise applications where this does not pose much risk.

SaaS applications, when implemented correctly and adequately tested for, have a lot of benefits to offer. Reap those benefits, to make your software a success, by proactively planning for these above areas well in advance.

Lets now look at IaaS. Not long ago, we would all remember the heavy investments software companies would make in setting up labs, hardware, inventory, communication with vendors for hardware shipments, obsolete hardware within years (if not months) of purchase, significant amount of testers time going into setting up the test environment...the list could go on.

The evolution of the cloud in its IaaS form has been a boon to the software industry especially the testing industry. What really is IaaS?

Also referred to as Hardware as a Service (HaaS) sometimes, this is a model where the environment setup is completely outsourced to a vendor where they take care of the machine setup, provisioning and configuration to address your specific needs, scaling the lab to meet your needs and charging you based on your usage.

In areas such as performance testing, compatibility testing - both manual and automated, localization testing, leveraging IaaS is significantly faster and also more economical in the longer run if you take into account hardware depreciation and other associated costs of setting up the inventory in your own premises.

The other advantages this model offers include:

1. Complex setup done by experts accurately represent your test lab requirements
2. Freeing up your testers and build engineers from the mundane setup tasks, motivates and gives them more time to focus on their specialized areas of work
3. Faster lab setup and scaling options result in quicker test cycles and a faster time to market
4. Hardware and Software that is typically hard to procure or which touch upon some remote cases, which would otherwise not be justified in setting up on premise, can now be easily accommodated in your test strategy
5. Easier debugging and troubleshooting, where sharing a common environment with the rest of the product development team is now feasible

While all of this sounds to be a picture perfect scenario, one should be very careful on choosing the right IaaS vendor, carefully thinking through the configuration requirements, and having a plan to validate the environment before actually using it. Remember that although you have the complete control in deciding your lab needs, you are not physically controlling them, rather only virtually controlling them. So, it becomes all the more important to ask the right questions, and consider options in finalizing the vendor of choice.

In addition, also keep in mind that the virtual/hosted infrastructure is no replacement to the testing teams valuable discretion on the optimized test environment to use. The IaaS vendor is only going to work on your instruction set to meet your needs and provide suggestions if you need them: you know your product, its architecture and test scenarios the best, which are very important in deciding the infrastructure setup that optimally meets your needs.

In conclusion, the Cloud helps improve a test teams productivity to a very large extent. Understand what it has to offer, think through how you can use it for your specific project at hand, go in for a customized solution rather than an out of box base solution-with these in place, you can certainly distinguish yourself in the marketplace with your set of offerings regardless of whether you are a product or a services company.

Installation of Selenium IDE

Selenium is one of the very powerful open source automation tool for doing web site automation. In this series I will talk mainly about:

• Selenium Overview
• Installation of Selenium IDE
• Selenium IDE Features - File Menu

Selenium

Selenium is a set of tools that help in the rapid development of test script for web-based application. The Test Script written in Selenium runs in many browsers, operating systems and the script, framework can be written in many programming languages such as C#, Java, PHP, Perl, Ruby, Python etc. Some of the tools which will be part of your test scripting are:

• Selenium IDE
• Selenium Remote Control or Selenium RC
• Selenium Grid

I will touch base with RC and Grid in my next series.

Installation of IDE

The Selenium IDE (Integrated Development Environment) is the tool you are going to use to develop your Selenium Test Cases. Its an easy-to-use Firefox plug-in and is generally the most efficient way to develop the test cases. Please see the pre-requisite for the IDE:

Browser - Firefox 2+
OS - WinXP and above
H/w - Standard machine with latest processor and RAM.

Step 1 - Install Firefox, if not available (go to site http://www.mozilla.com/firefox/ or google it) - Skip Step 1, if Firefox is already installed on your machine.

Step 2
• Launch Firefox
• Navigate to http://www.seleniumhq.org/download
• Click the download link corresponding to "Selenium IDE"

Step 3 - Click Allow, if you see an Yellow bar on the top.

Step 4 - Now Firefox will start downloading the Selenium IDE and you will see below screen. Select Install Now.



Step 5 - Firefox add-ons windows pops-up, first displaying the installation progress and when installation completes, ask for Firefox restart to complete the installation. See below:



Step 6 - After you restarted the Firefox, go to Tools -> Look for Selenium IDE option - You are now done with your installation.
Next I will describe more about Selenium IDE features available in Menu, Toolbar etc.

You can launch Selenium IDE through Firefox, Tools menu. As soon as you start Selenium IDE, you will see below screen:

SoftwareTesting: The Old and the New

Software testing has evolved considerably over the last decade from single dimensional test approaches to multi-dimensional ones. Testing now encompasses broader aspects such as test management through push button test environment creation on the Cloud to dedicated tool evaluations for each kind of testing. There is general consensus worldwide though, on the need for flexibility and creativity in testing and the need to treat testing as more than just another phase performed towards the end of the project.

Traditional software testing that focused on code-level testing has evolved with Distributed and Web Service architectures. Security takes on more importance as there are now multiple integrated systems and multiple interfaces, internal and external. In this context, I would like to delve more into the details of testing Service-oriented architecture (SOA) and SOA based solutions, a subject close to my heart!

The V-Model:

For Web Service architectures and SOA, the V-Model is typically a suitable test methodology that enforces testing discipline throughout the project lifecycle. The project starts with defining the Business User Requirements. The V-Model would recommend that the Business Acceptance Test Criteria for these defined requirements are defined and agreed before moving to the start of the technical design phase. Before moving to the next phase/level of technical design, the model recommends test criteria defined for that level of technical requirements, and so on. The V-Model is simply encouraging the project team to continually determine how they would successfully test the project deliverables.

The V-Model is a suitable test methodology to deliver SOA projects for the following reasons:

1. It encourages a top-down approach with respect to defining the business process requirements, high-level functional technical design, security etc.
2. It then encourages a bottom-up test approach - test individual functions within a service, test an individual service then test a composite set of services through to testing an integrated process and finally testing a complete business system. SOA is loosely coupled services and that is why a bottom up test approach is recommended.
3. The levels reflect different viewpoints of testing on different levels of detail.
4. The V-Model encourages testing throughout the entire Software Development Life Cycle.

Challenges:

Some of the new challenges in testing SOA solutions as opposed to the traditional applications, typically are:

1. Services that do not have a user interface
2. Data driven business logic within services
3. External services to the organization
4. The quality of service software will be vital to promote reuse and facilitate business agility. Services that have known bugs and quality issues will not be reused by the development teams. A significant increase in testing activities and test assets (functional, performance and security regression suites that include sophisticated harnesses and stubs) will be required at a service (program) level
5. Predicting the future usage of services to assist with performance, load, stress, scalability
6. As your SOA evolves, security testing will have a higher priority and profile within your organizations test strategyIn SOA, Services are based on heterogeneous technologies.

No longer can we expect to test an application that was developed by a unified group, as a single project, sitting on a single application server and delivering through a standardized browser interface. The ability to string together multiple types of components to form a business process requires unconstrained thinking from an architects perspective, and test planning and scheduling complexities from a testers perspective.

In SOA, application logic is in the middle-tier, operating within numerous technologies, residing outside the department, or even outside the company. We know that to test SOA, you need to go far beyond merely testing a user interface or browser screen. Web Services (WSDL/SOAP) will be an important component for many SOAs, but if youre only testing Web Services, you are not likely to test the entire technology stack that makes up the application. What are the transactions happening at the messaging layer? Is the right entry being reflected in the database? In fact, many perfectly valid SOA applications will house business logic entirely outside of the Web Services.

To address the above challenges, organizations need to review and enhance their current test methodology. Many Test Tool vendors have now recognized the new SOA test challenges and have developed a new breed of tools to help organizations to plan, manage and automate SOA functional, performance and security testing.

Testing SOA solutions:

How do you test SOA architecture? You dont. Instead, you learn how to break down the architecture to its component parts, working from the most primitive to the most sophisticated, testing each component, then the integration of the holistic architecture. In other words, you have to divide the architecture into domains, such as services, security, and governance and test each domain separately using the recommended approach and tools. SOA is loosely coupled with complex interdependencies and a SOA testing approach must follow the same pattern.

You can broadly categorize SOA testing into the following phases:

1. Governance Testing
2. Service-component-level testing
3. Service-level testing
4. Integration-level testing
5. Process/Orchestration-level testing
6. System-level testing
7. Security Testing

Test Tools:

As discussed earlier, tools are key in every phase of testing. SOA requires a comprehensive test tool strategy. Some of the commercial and open source tools available in the market that could be explored for SOA testing initiatives would be:

Commercial:

1. Green Hat GH Tester
2. Mercury suite of products
3. Parasoft SOAtest
4. AdventNet QEngine
5. Borland SilkPerformer SOA edition
6. iTKOs LISA product suite

Open Source/ Freeware:

1. SOAP UI
2. PushToTest TESTMAKER
3. AutoStub (an internal tool developed by Torrry Harris, belonging to the SOAizer™ stack)

Conclusion:

As conclusion, a few key recommendations for testing SOA initiatives would be:

1. Design your SOA project test approach alongside the definition of business requirements and highlevel technical design. Ensure the test teams are involved right from the start.
2. Static test techniques such as formal inspections are a must to ensure the business requirements and technical designs are defined to standards and are complete. Strong governance and discipline are essential to successfully delivering SOA.
3. SOA is driven by business and not technology. The test team will have to ensure the key business stakeholders and users are actively involved throughout the project life cycle and not just at the start and the end.
4. The Test team must be aligned to business domains not technologies. This will enable a successful implementation of a Risk Based approach to testing. The test team must also be technical and be able to white box test the entire SOA platform.
5. Security assessment and testing must take place throughout the entire project life cycle.
6. Many organizations will need to perform a leap of faith. The majority of testing activities now need to be performed during the business requirements analysis, design and service build phases. To achieve delivery agility and true service reuse, each individual service must be delivered to the Integration and UAT test phases with well-defined functional test coverage and guarantees on performance, scalability and security. Simply put, services must come with a Quality statement!
7. Test Tools are now a must. Organizations must invest appropriately in a test tool strategy.

You should not be surprised that many of the recommendations outlined in this paper are not new. Many of them are already defined as best practices. SOA demands strong governance, well-defined standards, processes and disciplines. If Quality is at the heart of your SOA, then the promises of SOA will be delivered.

Qualities that Contribute to a Tester's Success

Software testing is getting increasingly more important as more and more systems need to communicate. But the question of who should run these tests arises every now and then. Norwegian course developer Confex came up with a list of what their attendees describes as characteristics of the best software testers.

Many people believe that a good software tester is a die-hard pessimist - or an optimist with experience. However, Confex doesn't agree with the myth, but they can understand how it came to existence.

Therese Sorensen, Head of Product Development at Confex mentioned that experienced testers saw the same mistakes being done over and over, so maybe that frustration was mistaken for pessimism. But they are yet to come across any pessimist in their research.

Confex researched all their courses to ensure they addressed their target groups' real needs. For their courses in software testing they've asked what qualities testers and test managers believe the best software testers should possess.

The 5 qualities of the best software testers as found out by Confex are:

Basic knowledge of software development: Understanding developers' way of thinking is not required to do testing, but to get quick results mending the problems is the key skill.

An aggressive approach: "Test to break" is a mantra for the best testers.

Understanding customer needs: Good testers understand customer/user needs.

An eye for details and quality: The ability to pick everything apart looking for flaws is what the job is all about.

Communication skills: A software tester must be able to communicate with both technical people on the developer side as well as non-technical customers and managers.

Seven Tools Testers Use for Reports

There are many test tools/graphs being used by software testers to help them analyze the test results while making test reports based on the information they have collected. Using tools helps testers display their findings to stakeholders. Take a look at the seven important tools used commonly.

1.    Pareto Charts: These are a combination of bar and line graphs. Here the bars indicate the causes of a problem based on its severity: largest to smallest problem. Testers can use it to underscore the major problems. They also help a tester determine what critical issues they must focus on.

2.    Cause and effect diagram: This method is also called the fishbone diagram. It is helpful when a tester wishes to visualize and understand what are the root causes of a problem. Inputs for this diagram usually come from brainstorming. Through this the testers can differentiate between real reasons and the symptoms of an issue.

3.    Check sheets: This tool could be used to record the number of incidents or occurrences that have happened in a specified span of time. It objectively supplies factual data to validate and assess problems which could be used for Pareto Charts and histograms.


4.    Histograms: Histogram is a method of grouping data by preset intervals to demonstrate the frequency of the data set. With ample data derived from a process or a problem, one can plot this into a histogram. The histogram will display the process central point (average), variation (range), and shape of distribution (normal, slanted, and clustered). Testers can then provide a chart on software capability.

5.    Regression Analysis: Regression Analysis is used to graphically show the relationship between two variables and the correlation between them. For example, software size and memory usage could affect performance and cost. The analyst could determine the cause of some undesired event/result by developing correlations between multiple variables.

6.    Scatter Plot Diagrams: A scatter plot diagram also illustrates the connection that might exist among two variables or factors. This tool is used for problem solving and understanding the cause and effect relationships. It is often referred to as “correlation” diagram, and the pattern of the plots will reveal correlation (positive, negative, linear, random, curvilinear, or cluster) between variables or factors.

7.    Multivariate Analysis: Multivariate Analysis is used to show how two variables are related. The concept of exploratory graphics is used in this analysis because many times the graphical information created is not enough or useful in identifying areas for further analysis. The results for exploratory graphics must be established through more investigation so that they may be used in presentations and reports. In most cases, regression statistics are used in this technique to produce the information required for multi-variable graph.

5 Trends Influencing Testing

Software testing aims at detecting and fixing the issues that occur during software deployment. This is a major pillar of the software development process. Rex Black Consulting Services charted the five chief trends that are heavily affecting testing.

1. Globalization: Hardware outsourcing became big in the early 90s, about 10 years before software outsourcing. Now as companies gain practice with outsourcing and the costs for communication fall, every organization will seek to pursue low-cost labour which is the reason why testing opportunities are increasing in India.

2. Test automation: Due to the availability of many automated testing tools, automation has grown beyond regression testing at the Graphical User Interface to API and CLI which are the interfaces in which automation is currently the trend.

3. Commoditization: Testing is increasingly being seen as a commodity, as the common view is that the testing services lack qualitative differentiation and the smart choice would be to pick the cheapest testing option. Testers need to understand this trend. Testing is not a commodity. Testing Services can expect an increased emphasis on quality and interoperability.

4. Compliance, Regulation and Tort Law: Every company must always have a clear stand on Industry standards, legal regulations and changing liability standards. Risks associated with non-compliance and regulatory violations are growing. You need to make sure that your company isn’t sued or barred from the market. Testing is obviously a risk mitigating strategy but security ought to be on the agenda as well.

5. Education and Certification: Any company will pick a skilled tester who has higher qualifications than his counterparts. Education options in testing domain are varied. A tester needs to stay competitive. Since certification is sweeping the software and systems engineering field, it wouldn’t hurt to get certified. Certification programs establish the essentials of the topic that all competent practitioners must know.