Non-Functional Risk Assessment Framework to increase predictability of Non-Functional Defects

Similar documents
QEx WHITEPAPER. Increasing Cost Predictability in Performance Testing Services via Unit-Based Pricing Model.

Clinical Platform Compliance in the Cloud

ANALYTICS STRATEGIES FOR INSURANCE

top 5 critical mistakes to avoid when creating a 360 view of customer

the 3 keys to achieving real-time visibility of your customer s experience

Effective Bundling: Just Selling Another Product or Managing Risk Portfolio? whitepaper May 2014

The Analytics COE: the key to Monetizing Big Data via Predictive Analytics

DIaaS (Data Integration as A Service) CDISC Conversion Platform

QEx Whitepaper. Automation Testing Pillar: Selenium. Naveen Saxena. AuthOr:

Clinical Platform Identity & Role Based Access Management

Best Practices for CAD Data Migration

POINT OF VIEW FEBRUARY Navigating the Clouds Aviation Industry

Making communication in healthcare effective and compliant Integration via the HL7 Interface Engine by Somnath Mukherjee

5 key trends in the evolution of BI tools and their implementation

Global Product Life Cycle Management. Improving product profitability amidst global competition through global sourcing.

HCL's Next Gen Store Management

PLM Center of Excellence PLM for Embedded Product Development - Challenges, Experiences and Solution. M a y

New levers for a transformative CFO

Mainframe Managed Tools as a Service (MFMTaaS) Accelerating Growth

Universal Adapters for Remote Monitoring

Mobility in Claims Management

Multi-Tenancy on Private Cloud. F e b r u a r y

Reliability Allocation Technique

Clinical Trial Transparency: An IT Perspective By Vijai Krishna

POST MARKET STUDY AS a SERVICE (PMSaaS) Chaitanya

June Mobile BI: The next frontier in Business Intelligence

Model Based Testing (MBT) J u n e

TBR. Demand for Engineering Services Outsourcing is increasing, particularly for offshore vendors. May 2012

LIMS Integration Framework Model

Federal CIO: Cloud Selection Toolkit. Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald

PAYOR DATA LAKE by Shantanu Baruah

TBR. HCLT s App Test Factory Service Line Unit reduces testing costs and time to market for mobile applications. March 2014

Successfully migrating to the Oracle Cloud

Building Scalable e-commerce System

Performance Testing. Slow data transfer rate may be inherent in hardware but can also result from software-related problems, such as:

Know more Act Better: Launching KPI Reporting & Benchmarking Framework

TABLE OF CONTENTS. The Challenges 3. The Solution 4. Hardware 5. Software 6. Benefits 8. Contact Us 9. About HCL 10

IT Outsourcing Transformation Demand of the time

IoT Basics and Testing Focus

HYBRID CLOUDS DEFINING A SUSTAINABLE STRATEGY DR. RAGHU P. PUSHPAKATH KRISHNAKUMAR GOPINATHAN SACHIN KANOTH MADAKKARA

Neelesh Kamkolkar, Product Manager. A Guide to Scaling Tableau Server for Self-Service Analytics

CataLOG. - Catalyzing Logistics

Service Quality Management The next logical step by James Lochran

S&OP a Hoshin Kanri Approach

Smarter Balanced Assessment Consortium. Recommendation

Qlik UKI Consulting Services Catalogue

Capacity Plan. Template. Version X.x October 11, 2012

Product Brief SysTrack VMP

Legacy Modernization Modernize and Monetize

Wait-Time Analysis Method: New Best Practice for Performance Management

Technology Consulting. Infrastructure Consulting: Next-Generation Data Center

for Oil & Gas Industry

Application Performance Testing Basics

DELL s Oracle Database Advisor

Scalability and BMC Remedy Action Request System TECHNICAL WHITE PAPER

Transportation Solutions Built on Oracle Transportation Management. Enterprise Solutions

Virtual Desktop Infrastructure Optimization with SysTrack Monitoring Tools and Login VSI Testing Tools

Computer Integrated Manufacturing for Fully Automated Manufacturing

Avg cost of a complex trial $100mn. Avg cost per patient for a Phase III Study

Cloud Computing for Architects

Optimizing Service Levels in Public Cloud Deployments

Performance Testing and Functional Automation Specialist Cloud Services

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

Risks in Middleware Migration- Demystifying the Journey

Key Success Factors for Delivering Application Services

An Oracle White Paper August Oracle VM 3: Server Pool Deployment Planning Considerations for Scalability and Availability

WHITE PAPER. J a n u a r y SAP Recycling Administration (REA) for Consumer Product Manufacturers.

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Life Sciences and Healthcare Practice

VBLOCK SOLUTION FOR SAP APPLICATION SERVER ELASTICITY

Software-Defined Networks Powered by VellOS

Deploying Fusion Middleware in a 100% Virtual Environment Using OVM ANDY WEAVER FISHBOWL SOLUTIONS, INC.

January 2011 AUTOMATION OF PHARMA REGULATORY COMPLIANCES IN HL7 ENVIRONMENT

CRITICAL SUCCESS FACTORS FOR A SUCCESSFUL TEST ENVIRONMENT MANAGEMENT

Accelerating Time to Market with Agile Testing

BI4.x Architecture SAP CEG & GTM BI

SQL Server Master Data Services A Point of View

Mobile application testing for the enterprise

Achieving Mainframe-Class Performance on Intel Servers Using InfiniBand Building Blocks. An Oracle White Paper April 2003

Meeting the Five Key Needs of Next-Generation Cloud Computing Networks with 10 GbE

Service Oriented Architecture and the DBA Kathy Komer Aetna Inc. New England DB2 Users Group. Tuesday June 12 1:00-2:15

OPTIMIZING SUPPLY CHAIN CATALYSING TRANSFORMATION

Performance Modeling for Web based J2EE and.net Applications

Horizontal Integration - Unlocking the Cloud Stack. A Technical White Paper by FusionLayer, Inc.

Performance Testing of a Large Wealth Management Product

IBM Global Technology Services March Virtualization for disaster recovery: areas of focus and consideration.

IT Operations Management: A Service Delivery Primer

EqualLogic PS Series Architecture: Hybrid Array Load Balancer

SAN Conceptual and Design Basics

Manjrasoft Market Oriented Cloud Computing Platform

ntier Verde: Simply Affordable File Storage No previous storage experience required

Enterprises have begun to realize that to leverage CEM strategies effectively they have to overcome the following challenges:

EQF CODE EQF. European Competence Profiles in e-content Professions.

A chase between Auto Insurers and Technological Innovations!

How To Test For Performance

Case Study - I. Industry: Social Networking Website Technology : J2EE AJAX, Spring, MySQL, Weblogic, Windows Server 2008.

Regulatory Compliance Management for Energy and Utilities

ENOVIA V6 Architecture Performance Capability Scalability

The Methodology Behind the Dell SQL Server Advisor Tool

HCL Member Experience Management

Transcription:

www.hcltech.com Non-Functional Risk Assessment Framework to increase predictability of Non-Functional Defects Business Assurance & Testing AuthOr: Vijayanand Chelliahdhas is a Sr. Solutions Architect at HCL America Inc. currently responsible for solutions and business development for specialized testing services including Performance Engineering and Mobility Testing across the US geography. WHITEPAPER April 2015

TABLE OF CONTENTS ABSTRACT 3 INTRODUCTION 3 OBJECTIVE AND OUTCOME OF NON-FUNCTIONAL RISK ASSESSMENT 4 NON-FUNCTIONAL RISK ASSESSMENT FRAMEWORK 4 SYSTEM APPRECIATION AND TECHNICAL ASSESSMENT 4 DEVELOP RISK MATRIX 5 CREATE RISK CATALOGUE 6 ADVANTAGES & BENEFITS 7 CONCLUSION 7 ABOUT HCL 8 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 2

ABSTRACT Typically organizations tend to adapt a one-size-fits-all approach to validate a system for its non-functional (NF) requirements. Not surprisingly, a significant number of non-functional issues surface post go-live. Such unpredictability in the non-functional quality of a software implementation can be largely attributed to the lack of a focused approach to non-functional testing targeting the critical technical and non-functional risks in the system under test (SUT). This challenge can be mitigated by conducting a Non-Functional Risk Assessment exercise to develop a comprehensive Risk Catalogue. As a result, the NF test strategy and scenarios would be directly mapped to all the technical and NF risks in the system. The NF Risk Assessment Framework described in this paper enables to precisely determine the key vulnerable areas in the system and not just the application, addresses coverage across multiple non-functional domains of the SUT and not just performance, ensures the tests are designed to simulate production condition as close as possible and helps to prioritize test activities based on the criticality assigned. INTRODUCTION The standard approach to non-functional testing, which in most cases is limited to performance testing only, is to identify a subset of use cases, which are anticipated to be executed frequently in production, and conduct a set of non-functional tests. Such tests could include Load Tests, Stress Tests, Endurance Tests et al using any renowned commercial off the shelf (COTS) tool and then publish the test results. Where the test results indicate that certain transactions do not meet the stipulated Service Level Agreements (SLAs) (if they were defined in the first place) then either an exception is sought to go-live as per schedule or execute a re-test post tuning. Such tuning attempts are predominantly limited to modifying certain configuration values either at the application server or database server layer or both to alleviate the symptoms of performance issues. This superficial approach to non-functional testing tends to leave gaping holes in the system and exposes it to serious performance and non-functional quality issues when the rubber hits the tarmac in production. Given that there could be various reasons why the non-functional issues were not detected in a pre-production environment, one of the most critical elements is the ability to simulate the anticipated risks in a production like pre-production environment. To accomplish the same, the system under test should be systematically studied and all the potential risks thoroughly understood in the context of historical production non-functional issues and futuristic workload and deployment changes. This white paper explains how to undertake a Non-Functional Risk Assessment exercise to ensure the non-functional test strategy and scenarios have a fool-proof coverage of all the technical and non-functional risks to maximize predictability of non-functional quality attributes of the system. 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 3

OBJECTIVE AND OUTCOME OF NON-FUNCTIONAL RISK ASSESSMENT The driver for conducting a Non-Functional Risk Assessment is to technically assess the System under Test (SUT) for potential non-functional risks and thereby develop a Non-Functional Risk Catalogue, which would be the basis for developing the nonfunctional test strategy and the test scenarios. The Non-Functional Risk Catalogue is a collection of detailed risks and their impact to the non-functional quality attributes of the SUT. This catalogue is derived from a Risk Matrix which is essentially an intersection of the various potential Threats and Focus Areas for the SUT. The following sections detail the method to study a software system, assess it from the various non-functional attributes perspective and arrive at a detailed risk catalogue NON-FUNCTIONAL RISK ASSESSMENT FRAMEWORK The proven framework for non-functional risk assessment comprises of the following 3 steps: y System Appreciation and Technical Assessment y Develop Risk Matrix y Create Risk Catalogue This framework was implemented to assess the nonfunctional risks of a Trading Product developed by a major UK based banking software provider. The following sections of the document will leverage the above said actual implementation experience for illustration purposes. SYSTEM APPRECIATION AND TECHNICAL ASSESSMENT This is the fundamental step in the framework, the output of which is critical in building the Risk Matrix Subsequently. This is further broken down into 3 steps as follows: y Study application architecture and design y Historical non-functional incidents analysis y Understand future deployment and workload characteristics The architecture of the SUT is thoroughly studied from the logical and physical point of views, the technology landscape, including studying the various components of the architecture, the core business engine, how the complex algorithms were implemented, the synchronous and asynchronous communications, CPU or Memory or I/O intensive operations, what were the integrated components and how the data flows in integrated scenarios. If the SUT has already been in production, then the information from the historical incidents reported in production is invaluable information to understand the maturity and weak areas of the system. In our example, at least 12 months of data from the Incident Management System was extracted for a thorough entry by entry analysis. Besides documenting various record keeping fields for each Incident shortlisted, the 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 4

following data were also gathered, analyzed and documented. A sample entry is shown below: Incident Description Technical Analysis Non-Functional? (Y/N) NF Domain Class of Issue Sub-Class Potential way of Detecting Applicable NF Test Trunk End of Day (EOD) has a reproducible error where extract reports are requested in conjunction with re-use reports. The remaining steps are still unexecuted but the EoD job has completed. When a job/step is bypassed, the next job/step should take over and execute. And EoD status should reflect this appropriately. However in actuality, due to bypass of a step, the EoD loses status integrity (suspected to be at least 2 causes - weblogic to database (DB) connection starvation, DB lock contention. Y Reliability Connection Pool Starvation, Database lock Contention Bypass a step in EoD (particularly a step in Extract report) Schedule an EOD run with Extract Reports in conjunction with Reuse Reports. Bypass a step manually in the middle of the run (particularly a Step in Extract Report) Tract the status of the next job, current job and overall EoD EoD Batch Test (peak daily volume) Out of a total of 3000 incidents, about 212 non-functional incidents were identified for in-depth analysis. Each of those shortlisted entries were studied and documented in the above format. After the historical incidents analysis, several discussions were conducted with two program teams who were involved in the two biggest implementations of the software product spanning over 36 months. The objective was to understand the technology stack, the infrastructure capacity details such as the number of nodes, VMs, data centers, latency between the architecture components, the latency between the end users and the datacenters, growth in business volume and therefore the projected workload, the growth in the number of end users, the rate of growth of the database size, the plan and algorithm for data archival and purging. This comprised all the activities involved in System Appreciation and Technical Assessment which helped gather all the requisite data to arrive at the Risk Matrix. DEVELOP RISK MATRIX The Risk Matrix is essentially precipitated from the information analyzed in the above step. The objective of the risk matrix is to map the potential Non-Functional Threats to the Focus Areas of the SUT and to highlight the degree of impact of each Threat Focus Area mapping. A Threat is a technical attribute or event that can impact the non-functional quality of the SUT. Examples of threats classified in the illustration include: processing overlaps, concurrency, JVM sharing, multi-geo access, VM crash, incorrect error handling etc. A Focus Area is a component or set of functionalities in the SUT that is critical to the non-functional quality of the SUT. Examples of focus areas classified in the illustration include: OLTP scenarios, EoD processing, interfaces processing, global app, infrastructure utilization etc. In our particular illustration, 14 non-functional domains were initially identified which was later crystallized 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 5

to 7 at the end of the System Appreciation and Technical Assessment phase. The 7 Non-Functional domains included Scalability, Reliability, Performance, Resilience & Recoverability, Capacity, Interoperability and Compatibility. There were a total of 31 Threats identified across the 7 Non-Functional domains and these were mapped to 7 Focus Areas. This resulted in a mapping of 217 non-functional risks in total which was then classified to 5 different types as indicated below. Following is a snippet of the Risk Matrix, displaying a sub-set of Threats mapped to the Focus Areas. NFT Risk Matrix Non-functional Focus Areas Online Transaction processing (Transactional) EOD Processing Adhoc Reports Interfaces Global App Behaviour Zone Behaviour Infrastructure utilization NF Domain Threat TI Processing TI systems Infrastructure Processing Overlaps H H Scalability Concurrency H H Integration Complexity Horizontal Scalability (lack of) Processing Overlaps H H Reliability Stress Conditions H H Concurrency H Prolonged Usage H H Rating H Description High Impact + High probability of Occurrence High impact Medium Impact Low Impact Negligible Impact CREATE RISK CATALOGUE Once the Risk Matrix is developed, the next step of creating the Risk Catalogue is essentially a task of detailing the risks in accordance with each Threat Focus Area mapping. In our particular illustration, out of the total 217 risks, about 81 risks which fell under the first 2 categories (brown & red) were documented in detail in the form of a Risk Catalogue. For each Risk Catalogue entry, besides the risk and impact, the sub-threats and parameters to measure were also gathered and documented which could be directly converted to Test Scenarios. Following are 2 sample entries from the Risk Catalogue 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 6

# NF Domain 1 2 Scalability Performance Threat Sub-Threats Processing Overlap Multi Geo Access Intra Zone Processing - Risk Impact Two or more Multi Bank Entities (MBE) with in a Zone could be performing different operations at the same time, leveraging the same application/os/database resources and processing the same data set or accessing from the same data source (table/schema/database) There will be intermittent delays in online transaction processing (OLTP) or delays in Message transmission into the Transport client User sites are spread across the globe, however all user access have to pass through the global single sign on (SSO). There will be only one primary Instance of Global App in one location and all users will be routed through this single Global app. User accesses from multiple Geographies to the global App and the response therefore will potentially be slow, influenced by the bandwidth congestion over the wide area network (WAN) between the user sites and the global app Parameters To Measure OLTP Response Time Global Dashboard Response Time Focus Area Zone Behaviour Global App (SSO, Dashboard) Eventually the Non-Functional Risks were grouped by the NF Domain and summarized as part of this exercise conducted for the Banking Product. The Non-Functional Risks in the catalogue were then mapped to the identified NF tests to ensure traceability and coverage of the potential risks. ADVANTAGES & BENEFITS The following benefits could be potentially reaped by conducting a comprehensive non-functional risk assessment exercise: y Gain a precise understanding of the vulnerable areas and use cases (risks) of the SUT y Develop an exhaustive repository of non-functional test cases/scenarios y Ability to design tests focused on simulating the specific technical and nonfunctional risks y Ensure maximum possible coverage and traceability of the NF risks in the SUT y Predictability into all probable outcomes in production in the event of a technical failure or an unexpected workload situation or projected business growth CONCLUSION The Risk Assessment exercise illustrated here was conducted by 2 non-functional consultants over a 6 week period at the client site. Given the effort it takes to conduct such a comprehensive exercise, it may not be a feasible solution for short term projects or low complex applications or highly matured systems. However, for software product vendors and applications with large scale usage with unanticipated workload patterns and business growth scenarios, the qualitative and the quantitative benefits of conducting a Non-Functional Risk Assessment exercise clearly outweighs this modest effort and investment. This was a consulting exercise where the primary objective was to conduct the Risk Assessment and develop the Risk Catalogue. Subsequent to which, the existing delivery team on the customer side had the responsibility to conduct the test execution. We did not have access to any additional data points or supporting facts post production to substantiate any further benefits due to this exercise. 2015, HCL TECHNOLOGIES. REPRODUCTION PROHIBITED. THIS DOCUMENT IS PROTECTED UNDER COPYRIGHT BY THE AUTHOR, ALL RIGHTS RESERVED. 7

ABOUT HCL About HCL Technologies HCL Technologies is a leading global IT services company working with clients in the areas that impact and redefine the core of their businesses. Since its emergence on the global landscape, and after its IPO in 1999, HCL has focused on transformational outsourcing, underlined by innovation and value creation, offering an integrated portfolio of services including software-led IT solutions, remote infrastructure management, engineering and R&D services and business services. HCL leverages its extensive global offshore infrastructure and network of offices in 31 countries to provide holistic, multi-service delivery in key industry verticals including Financial Services, Manufacturing, Consumer Services, Public Services and Healthcare & Life sciences. HCL takes pride in its philosophy of Employees First, Customers Second which empowers its 100,240 transformers to create real value for customers. HCL Technologies, along with its subsidiaries, had consolidated revenues of US$ 5.7 billion, for the Financial Year ended as on 31 st December 2014 (on LTM basis). For more information, please visit www.hcltech.com About HCL Enterprise HCL is a $6.8 billion leading global technology and IT enterprise comprising two companies listed in India HCL Technologies and HCL Infosystems. Founded in 1976, HCL is one of India s original IT garage start-ups. A pioneer of modern computing, HCL is a global transformational enterprise today. Its range of offerings includes product engineering, custom & package applications, BPO, IT infrastructure services, IT hardware, systems integration, and distribution of information and communications technology (ICT) products across a wide range of focused industry verticals. The HCL team consists of over 105,699 professionals of diverse nationalities, who operate from 31 countries including over 505 points of presence in India. HCL has partnerships with several leading global 1000 firms, including leading IT and technology firms. For more information, please visit www.hcl.com Hello there! I am an Ideapreneur. I believe that sustainable business outcomes are driven by relationships nurtured through values like trust, transparency and flexibility. I respect the contract, but believe in going beyond through collaboration, applied innovation and new generation partnership models that put your interest above everything else. Right now 105,000 Ideapreneurs are in a Relationship Beyond the Contract with 500 customers in 31 countries. How can I help you?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information