Transcript www.pugchallenge.eu

Applications
development and
testing solutions in
the cloud
Didier Camous
Strategy & Technology
HP Software EMEA
Dusseldorf Progress PUG 20 November 2014
Building and Delivering Applications?
The name of the game is change… faster
By 2016, organizations
that will have joint
initiatives with Dev &
Ops supporting
continuous delivery
By 2016, integration
projects that include
on-premises
applications and cloud
services
By 2015, mobile app
projects will outnumber
PC projects
40%
50%
4 to 1
Agile Delivery
Cloud
adoption
Source: Gartner
2
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Mobilization
Rollbase agile development needs to test earlier and often
Desired outcomes
• Improved quality of initial
code development
• Accelerate and streamline
release cycle
• Automated development,
build & test process
• Reduced test and delivery
bottlenecks
• Meshed tool chain, with
integration and abstraction
Rollbase
Automate, Integrate,
Collaborate
3
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Testing Obstacles To Faster Releases
Total (n=112)
Ineffective automated
regression testing
Ineffective integration
testing
Manual testing was too
slow
Testing resources were
not available when…
Ineffective load testing
and performance…
Ineffective automated
unit testing
62%
61%
61%
51%
46%
46%
Lack of skills
None of the above
16%
1%
Base: 112 North American and European IT decision makers involved in application development and delivery
Source: A commissioned study conducted by Forrester Consulting on behalf of HP
4
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© 2013 Forrester Research, Inc. Reproduction Prohibited
4
Key motivations for adopting SaaS
Financial
Up to 40% ROI
X2 adoption
Complement IT
Project burst
Lack of IT
Resources
Alternative to
IT
Better agility
Simplify processes
Faster Time to
Value
Usage flexibility
Accelerate
Interval billing
Strategic Initiatives
Innovation
SaaS allows our customers to focus on their core business.
6
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Meeting Service Providers and ISV Challenges
Both focused on reduced cost and increased profitability
ISV Benefits
Expanding their
reach
Growing long-term
revenue
Improving time to
market
Reduce Costs
Retain and attract
Enterprise customers
Expertise
Create new revenue
streams via flexible
financial models
Minimize the risks
(both technical and
business)
Service Providers Benefits
7
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP SW Portfolio for Application
development and Testing as a
Service
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP integrated portfolio of software for Cloud Service
Providers
HP Agile Manager &
Dev management
HP Application Lifecycle
Management
Rollbase applications –Virtual Private Cloud
HP Unified
Functional
testing
HP Service
Virtualization
HP Application
Security
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
(Webinspect)
HP
Performance
testing
HP ALM and quality solutions
Deliver faster, perform better
Executive scorecard for VP of applications
Application Lifecycle Management
Enterprise Release and Project Management
Requirements
definition &
management
Release
planning
Development
management &
integrations
Test
management &
execution
Defect
management &
tracking
Application Quality: functional, performance, security
Dependency & change detection | Policy mgmt. & governance | Lab mgmt.
Extended solutions
Composite applications • hybrid development • agile • service virtualization • mobile • cloud
10
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Production
transition
Traditional waterfall delivery
Jan
R
i
s
k
Feb
Rqmt
Design
Mar
Code and test are pushed to
Apr phases,
Maymeaning
Jun
the later
defects are uncovered too late
for effective resolution.
Code / unit test
System test
Time
11
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Agile: as it should be
Jan
Feb
Mar
Apr
May
May
Jun
Jun
Rqmt
RQMT
Rqmt
Rqmt
Rqmt
Rqmt
Rqmt
Design
Design
Design
Design
Design
Design
DESGN
Code/UT
Code/UT
Code/UTCODE Code/UT
/ UT
Code/UT
Code/UT
Sys. test
Sys. test
Sys. test
Sys. test
TESTSys. test
 Time-boxed for focus
 Hands-on with stakeholders
 Surfaces issues sooner
12
Sys. test
 Continuous testing
 Designed for change
 True measure of progress
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Agile Manager
Empower Agile teams. Enable enterprise
agility.
13
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP ALM + HP Agile Manager
Agile
Manager
•
•
•
•
SYNC
User Stories
Defects
Sprints
Scrum Task Board
HP ALM/QCE
•
•
•
•
•
Requirements
Defects
Resources
Test Lab
Test Results
Velocity and quality for the enterprise
• Native integration to leverage best-in-class quality management and continuous
testing capabilities of HP ALM/QCE
• Traceability, asset sharing, visibility across broader enterprise app ecosystem
• Enterprise support for both Agile and non-Agile projects
14
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Customers speak out on HP Agile Manager
15
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Service Virtualization
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Why the issues?
• Software components not ready yet
• Components/services with limited
access
• Dependency on third party– costs
• Data too difficult to source
• Security and compliance restrict
access
REST
Third Party
LDAP
MQ
Web
browser
Mobile
App
Mainframe
JDBC
Existing database
Composite
Application
Application
services
Application Under Test
17
Single sign on
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
SOAP
JMS
Web service and
Legacy application
Existing Infrastructure
•
•
•
•
Service virtualization becomes a key answer
Keep developing and testing moving forward with virtualized services
Pay-per-transaction
Virtualize for always available services
Virtualize data scenarios
Make available for Dev and Test
Share services—lower infrastructure costs
REST
Third Party
LDAP
MQ
SOAP
REST
JMS
MQ
Web
browser
Mobile
App
18
Mainframe
Data
JDBC
Existing database
Perf.
Config
Composite
Application
Application
Simulatio
services
n
Application Under Test
Service
Virtualization
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Single sign on
SOAP
JMS
Under
construction
Web service and
Legacy application
Existing Infrastructure
HP Service Virtualization
HP Service Virtualization
Data
Perf.
Config
SOAP
REST
MQ
JDBC
RFC
CICS
Internet/
WAN
Rollbase
Other
Apps
OpenEdge
Virtual services are always available for
development and test
19
• Create virtual services of most
Composite app types:
• Web Services, Rest, JMS, ERP apps,
legacy middleware
• Extensible for other transports and
message types
• Manage virtual services via web
• integration to functional, security,
performance testing
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Service Virtualization Benefit Summary
•
Shift left: Test earlier without need for
end system to be ready
How has productivity improved
from using service virtualization?
•
Test more scenarios quickly
(manipulating data, performance,
network models)
• 61% increase in service
availability
•
Ease of use and management– from the
web, through HP Application Lifecycle
management and HP Quality Center
•
•
20
Reduce infrastructure costs: share
virtual services across teams
Removing dependencies: Predictable
schedules and launch dates
• 23 % average time to market
improvement
• 45 % average test coverage
increase
• 58 % average test time decrease
Source: Voke Market Snapshot: Service Virtualization, December 2012.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Unified Functional Testing
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More modern testing challenges
Demands for Quality Assurance Teams Increase
Constrained
Resources
More API/Service
Testing
Agile Test
Execution
Complex
Verifications
Tight budgets, turnover, distributed
teams, outsourcing,
BAs and developers
become part-time
testers
Cloud-based apps,
XML, web services,
.NET, embedded
systems
Compressed
schedules, R&D
driven, GUIs not
ready
Mobile devices,
missing services,
composite apps
22
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Manual vs. Automated Functional Testing
Manual functional testing
23
Automated functional testing
Time
Compressed schedules and few resources
Limited IT resources combined with tight
schedules impact ability for manual functional
testing to complete
Rapid test script execution
Rapid test execution saves time and enables QA team to
meet schedule deadlines
Efficiency
Developers replicate defects manually
Testers and developers left to manually
reproduce defects
Automatic defect replication ensures accuracy
Provides development with easy replication of software
defects for easy correction
Cost
Limited environment coverage
Manual testing is not practical to ensure tests are
run on all supported operating systems, browsers,
etc.
Enterprise environment coverage
An individual automated test can run un-modified across
browsers, development environments or operating
systems
Risk
Incomplete test execution – cutting corners due to
manual regression
When development fixes are introduced, manual
regression testing takes too long to do complete
regression testing. Corners are often cut
Complete test plan coverage every time
To accurately measure application quality and ensure
business processes function correctly for every release,
every patch, every time
No longer possible to setup the environment
End-to-end testing in complex environment
variances and all required test preparations in a
Crucial to have all of the pieces ready and available with
Complexity reasonable time, in order to execute and validate data aligned for testing
functional testing manually.
Include mobile devices, network simulation and back
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
office access
Test and Automate as early as possible
January
Monday
9
February
Tueseday
14
March
Friday
2
April
Monday
23
May
Thursday
24
June
Monday
11
C1
C1
C1
C1
C1
C1
C2
C2
C2
C2
C2
G1
G1
G1
G1
C3
C3
C3
G2
G3
G3
July
Monday
23
…
BP
Regression test at the end of each iteration or as part of continuous build
24
C1 GUI-less component
G GUI element
BP Business process
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Stable
component
HP Unified Functional Testing from the cloud
HP UFT Suite
Enables consistent, repeatable
process to:
Internet/
WAN
• Test a broad range of
technologies
• Accelerate testing cycles
Rollbase
Other
Apps
OpenEdge
Accelerate Delivery and Increase
Quality
25
• Automate manual test scripts
• Validate quality of frequent builds
• Reduce per unit cost of testing
• Cloud based automated mobile
functional testing
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Unified Functional Testing from the cloud
Comprehensive market leading solution for functional test automation
Enables consistent, repeatable
process to:
Wealth of technologies
• Automate manual test scripts
• Test a broad range of technologies Mobile
domination
• Accelerate testing cycles
Agile
• Validate quality of frequent builds
• Reduce per unit cost of testing
• Cloud based automated mobile
functional testing
Composite Apps
Accelerate Delivery and Increase Quality
26
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Application security
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Applications are everywhere
New applications
conceptualized in
Design
28
Current applications
coded in Development
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Legacy applications
running and supported
in Production
But…applications are the weakest link
Applications are
the Entry Point
Software
Intellectual Property
Customer Data
Hardware
Business
Processes
Attacks
Trade Secrets
Network
29
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
And are easily exploited
OWASP Top10
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Pro
ject
A1 – Injection
A2 – Cross-Site Scripting (XSS)
A3 – Broken Authen. And Session Mgmt.
A4 – Insecure Direct Object References
A5 – Cross-Site Registry Forgery
A6 – Security Misconfiguration
A7 – Insecure Cryptographic Storage
A8 – Failure to Restrict URL Access
A9 – Insufficient Transport Layer
Protection
30
A10 – Unvalidated Redirects and
Forwards
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Enterprises struggle with security
Adding Security
to the
development
process is
challenging
31
Security teams
and Development
teams are
separated and
often work in
opposition
Security is bolted
on at the end
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
As a result,
checkbox security
is the norm – and
doesn’t work
HP Solutions
Static Analysis
Source Code
Mgt System
Static Analysis
Via Build
Integration
Actual
Attacks
Real-Time Protection
Of Running Application
Application
Lifecycle
Normalization
IDE Plug-ins
(Eclipse, Visual
Studio, etc.)
32
Dynamic Testing In
QA Or Production
Runtime Analysis
Vulnerability Management
Remediation
Developers
(onshore or offshore)
Dynamic Analysis
(Scoring, Guidance)
Vulnerability
Database
Correlate
Target
Vulnerabilities
With Common
Guidance and
Scoring
Correlation
(Static, Dynamic, Runtime)
Threat Intelligence
Rules Management
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Defects, Metrics
And KPIs Used
To Measure Risk
Development, Project
and Management
Stakeholders
Hackers
Understanding Dynamic
Dynamic Tester
33
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Dynamic
HP Application Security – Webinspect Dynamic
analysis
HP WebInspect
Scale up the Security Testing Program
Cross-site scripting
SQL injection
Command injection
Internet/
WAN
Manage the Security Lifecycle of an Application
In preproduction and production
Rollbase
Other
Apps
Capture and understand the security risk of the
organization
OpenEdge
Management, tracking and
remediation of enterprise software
risk
34
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Enable all the stakeholders in the organization
to access and act on discovered vulnerabilities
Performance testing
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
The solution: performance testing
Emulate production workloads end-to-end
Performance
Test
Simulates
thousands of users
Internet/
WAN
Web server
App. server
Database
• Simulates real users with thousands of “virtual” users
• Generates accurate, measurable and repeatable load on the system from a
single point of control
• Pinpoints bottlenecks in the system
36
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Performance Center from the Cloud
Performance testing
Internet/
WAN
Rollbase
Other
Apps
OpenEdge
Emulates production workloads end-toend
37
• Pinpoints bottlenecks in the
system
• Simulates real users with
thousands of “virtual” users from
the Cloud
• Generates accurate, measurable
and repeatable load on the
system from points of control
located in the Cloud
• On-demand, use for as long as
you need, scale up or down as
projects evolve
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Maximum Performance and Scale Benefits
Ideal for teams running a short-term project
Scale without the overhead
Save time/effort
using automated, worldwide provisioning of
load generators in the cloud
by leveraging and sharing cloud testing
configurations and resources across
teams
Who need more than web protocols
Integrated monitoring
Ability to drill down into transactions
And ability to run load from multiple
datacenter
Simulate Network Condition
Dynamic network characteristics create
realistic and valid performance testing
results
38
Reduce risk and improve test
results
by bringing production data into
performance testing as baseline
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Conclusion
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
A complete cloud ALM & testing solution
Cloud functional test
Cloud functional test
HP Unified
Functional Testing
Agile
Manager
HP
ALM
HP
Fortify
Cloud security test
HP Service
Virtualization
Rollbase
Shunra
Network
Virtualization
HP Performance
Center and
LoadRunner
Cloud Performance
40
© Copyright 2014 Hewlett-Packard Development Company,test
L.P. The information contained herein is subject to change without notice.
Cloud
load test
Providing Testing as a Service to your
customers
Increase
revenue with Drastically reduce
Maximize investment Increase speed of
testing Center of
Excellence
overhead of test
maintenance
in testing capability
release cycles
Cloud-based as a service
development /test
environment
Automate repetitive manual
steps
Maximize productivity and
collaboration
Increase speed and
efficiency in the software
testing lifecycle
Validation of performance
and scalability requirements
across multiple device
types and network
environment
Broad technology coverage
Maximize utilization of
resources through pooling
and sharing of licenses,
hardware and software
Enable near-real-time
iterative for use of agile
methodology
Security practice around
static and dynamic code
Reuse components and
asset
Provide strategy and
implementation expertise
Track performance
requirements and defects
Integrated GUI and
services/API testing
Plan and execute tests
across multiple concurrent
projects and people
Provide advisory services
Identify and eliminate
Increase efficiency, produce
customer testing
performance bottlenecks
better quality applications
capabilities and process
via Center of Excellence
Automatic documentation
effectiveness
is subject to change without notice.
41 © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained hereinmodel
for tests and defect
Growing repositories of test
scripts, tools for test
management, and bug
tracking
Thank You
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.