Series:
(Disclaimer: The
manuscript is my personal view and is not affiliated to any groups or
organizations)
In the first phase, as our goal is to make minimum but essential
changes across the board, attempt to carry forward the same test strategy already
in place. However, with Cloud there are certain areas where the focus and
approach has to be different, some of the tests should be more intense than
others.
Please note that infrastructure should be hardened by
now. Tasks such as change default passwords, firewall setup (ACL), etc. are
considered as infra hardening. It is a prerequisite to the overall different
categories of testing.
 |
| Testing Categories |
All these categories of test should already be in place
currently. However with Cloud some tests should adapt to address the
application migration to Cloud.
#1 Application Unit Test: - This category needs minimal
change. Some of the application level code however, need to be refactored to
address the need of Cloud e.g. in persistence layer uploading a file to Azure
storage (or AWS S3) has to be done differently than uploading to a local store
in DAS, NAS, or SAN. Necessary design principles and patterns such as delayed
upload (application responsibility), parallel upload (most of the time SDK
should already cover this), etc. for file upload should be followed.
#2 Application Integration Test: - Different system
integrations (availability of the system should be monitored persistently) should
be continued to be tested. However, not that DevOps might need to re-configure and
work with different system’s teams to address issues such as whitelisting of
IPs of Azure infra, etc.
#3 Application Functionality Test: - This category doesn’t
entail any change. However, the results has to scrutinized more deeply keeping
in mind that the infra has moved to Azure and the systems those are integrated
might not use the same infrastructure as before such the connectivity from
Azure to the integrated systems might go over public rather than private.
#4 Application Security Test: - This category doesn’t warranty
any change. However, the test cases should address the infra change and user
data storage as the user data might compel to handle privacy which could have
triggered to encrypt data.
#5 App Endurance Test: - Should already be covered as a
part of Performance test covered in previous blog post.
#6 App Load Test: - Same as above. But not that this effort
need communication with Cloud provider.
#7 Data Security Test: - Ensures that both User data and
application/software generated logs are adequately secured.
#8 Infrastructure Security Test: - Covers security
personnel access mechanism, policy, and governance of credential assets, etc.
#9 Infrastructure Endurance Test: - This category is
critical and is the most complex to cover and yet the most important test.
Write script (or use Chaos Monkey from NetFlix for AWS like tool) to randomly
shutdown and bring up different Azure hosted components.
In general #1 through #5 categories doesn’t entail a lot
of complexity and hence doesn’t need a lot of changes. However, #6 through #9
categories needs more attention.
No comments:
Post a Comment