Monday, June 21, 2010

Towers de SOA Testing

In an attempt to understand and learn SOA, I did extensive research and have collated my findings below. I hope this will help beginners like me.

Introduction

As Service Oriented Architecture (SOA) begins to form the fabric of IT infrastructure, active and aggressive SOA testing has become crucial. Comprehensive Functional, Performance, Interoperability and Vulnerability Testing form the Towers of SOA Testing. Only by adopting a comprehensive testing stance can enterprises ensure that their SOA is robust, scalable, interoperable, and secure.

Web Services have blurred the boundaries between network devices, security products, applications and other IT assets within an enterprise. Almost every IT asset now advertises its interface as a Web Services Definition Language (WSDL) interface ready for SOAP/XML messaging. Web Services interfaces provide unprecedented flexibility in integrating IT assets across internal and external corporate domains. Such flexibility makes it the responsibility of IT staff from all domains such as Developers, Network Engineers, Security & Compliance Officers, and Application QA Testers to ensure that their Web Services work as advertised across functional, performance, interoperable and security requirements.

Towers de SOA Testing

Tower I: Functional & Regression Testing

Functional and Regression Testing is the First Tower of SOA Testing. IT professionals need to quickly test Web Services and set up the desired regression test cases. Ease of use in setting up such tests encourages technologists with varying skills and responsibilities to test their Web Services quickly and often.

Tower II: Performance

Performance is the Second Tower of SOA Testing. QA Testers and Network & Security Engineers should test the scalability and robustness of Web Services and determine the performance and endurance characteristics of their WSDL operations. Testers should determine response times, latency, and throughput profiles for target Web Services. In addition to performance profiles, testers should run tests for a specified duration to measure endurance and robustness profiles. They also need to determine scalability by bombarding target Web Services with varying SOAP messages across a range of concurrent loading clients.

Tower III: Interoperability

While loading a Web Service WSDL, consumer applications need to determine both design-time and run-time interoperability characteristics of the target Web Services. Developers should run a set of comprehensive WSI Profile tests and report interoperability issues with the Web Services WSDL. Adhering to WSI Profiles ensures that SOA assets are interoperable and that WSDL can work within heterogeneous .NET & Java environments.

Design-time WSDL interoperability testing is not enough. Run-time interoperability testing is also necessary. Testing the interoperability of a Web Service requires creating specialized test suites for a WSDL. These tests ensure that the target Web Services are interoperable by actively sending specialized requests to the Web Services and determining whether the Web Service responds per the WSI Profile specification. Comprehensive design-time WSDL WSI Profile testing combined with active run-time Web Service interoperability behavior testing ensures that IT assets can integrate independent of platform, operating system, and programming language.

Tower IV: Vulnerability Assessment

Vulnerability Assessment is the Fourth Tower of SOA Testing. Active Web Services Vulnerability Assessment is an emerging area of SOA testing. By creating specialized tests for a target Web Service, security officers can measure the vulnerability profiles of the target Web Service. Security Engineers need to ensure that Web Services vulnerabilities such as buffer overflows, deeply nested nodes, recursive payloads, schema poisoning and malware traveling over SOAP messages do not affect their critical Web Services. They need the ability to rapidly scan Web Services and assess areas of exposure, determine severity levels, provide vulnerability diagnosis, and publish remediation techniques. Web Services Vulnerability Assessment is a crucial pre-production and post-production step that every .NET and Java developer and security professional must take to ensure risk mitigation within their Service Oriented Architecture.
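
As a defensive counterpart to the assessment described above, here is an added example (not from the original post or any product) of a pre-processing gate that refuses oversized, deeply nested, or DTD-carrying SOAP requests before they reach the service. The function name, limits, and sample messages are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Limits are assumptions for illustration; tune them per service.
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 64 * 1024, 32, 5000

class Rejected(Exception):
    """Raised inside parser callbacks to stop parsing early."""

def check_soap_message(raw: bytes) -> str:
    """Return 'ok' or the reason a raw SOAP request body is refused."""
    if len(raw) > MAX_BYTES:
        return "oversized message"
    depth = count = 0

    def start(name, attrs):
        nonlocal depth, count
        depth += 1
        count += 1
        if depth > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if count > MAX_ELEMENTS:
            raise Rejected("too many elements")

    def end(name):
        nonlocal depth
        depth -= 1

    def doctype(name, system_id, public_id, has_internal_subset):
        # Refusing any DTD blocks entity-based recursive payloads.
        raise Rejected("DTD not allowed")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(raw, True)  # streaming: no tree is built in memory
    except Rejected as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError:
        return "malformed XML"
    return "ok"

# Constructed sample messages (not from any real service).
GOOD = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        b"<soap:Body><getQuote><symbol>ACME</symbol></getQuote></soap:Body>"
        b"</soap:Envelope>")
DEEP = b"<a>" * 100 + b"</a>" * 100
WITH_DTD = b'<!DOCTYPE Envelope [<!ENTITY e "x">]><Envelope>&e;</Envelope>'
```

The same three sample messages double as regression cases: a vulnerability scan of the service should see the last two refused with the corresponding reason.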

Finally SOA – it is and it is NOT?

• Service-Oriented Architecture is an architectural strategy that helps achieve closer business-IT alignment, by taking a three-dimensional perspective of the enterprise. The three dimensions being: technology, people and processes.
• The key aspect of SOA is to make business functionality available as a set of well governed, standards based, loosely coupled services and processes, defined in a flexible and agile manner.
• SOA is an infrastructure-based architectural approach to deliver business ‘functionalities’ as ‘shared services’ by using open standards and/or protocols of communication.
• SOA is an approach that allows for implementing business ‘capabilities’ that can be consumed as services.
• SOA is not about technology specific design or architecture – it is business driven (through capabilities and functionalities/functions) for service enablement of the processes!

Reference:- Internet research


~Manav Ahuja

Friday, May 28, 2010

Achieving exhilarating Customer Delight, in turbulent times…

In all the bloodshed in economies across the globe, no one is immune. Every business has been impacted (except bankruptcy lawyers, of course). So how has it impacted the IT industry in general, and the big engagements? Many of us might ponder: what the heck, I don't care, I have a job and I know how to survive this storm.

Do we really know?
Do we really know how to sail through?
Do we really know how we can keep our flags high and achieve Customer Delight in these turbulent times?

To help ourselves, let's interview ourselves:

We: What are Top 2 Current IT Challenges?
I: Personally I feel

a) The first impact of the overall liquidity crisis is already popping out - some funds have decided to go slow or sudden "No investment plans" have become the norm. It may get worse (or already is) before it gets better.

b) Since the economic issue here is not the equity markets but the credit market there is a significant risk not just to growth but even sustenance of current state.


We: Do we have ready-made quick-fix solutions?
I: Are we dreaming? Let's wake up to reality: it's a mess we created and we need to clean up; there are no shortcuts.

We: How to get Customer Delight in this turbulence?
I: Good question, I feel,

1. I call it "Keep your blinkers on" - Focus on our existing lines of business and focus on customers' pains.

2. Postpone the more uncertain long term strategies if required.

3. Ask our customers - Let's partner to help relieve your pains and strategize accordingly to help them zoom through this current mess.

4. Think about how this downturn affects our customers / partners vs. how it affects us.

We: That's good, but are there any actionable thoughts for keeping afloat?
I: Abundant. In fact each person, if soliloquy, can share varying perspectives. Here are a few of mine:

1. First and foremost - Let's target and keep our team together - share and celebrate successes, be transparent about challenges. Invest in our best people.

2. Since we cannot manage the economy, let's manage everything else - our business and circle of influence.

3. Let's throw out the models and spreadsheets, because all assumptions will be wrong. Just
* Focus on quality.
* Reduce risk.

4. Let's not target getting ahead but let "surviving/sustaining" be the "cool" mantra. After all, this era is an era of survival of the quickest.

5. Let's be brutal when it comes to raising red flags during Go/No-go and even Risk management. There should be a "No waiting zone" for escalation(s) at any stage of our engagement.

6. Most importantly, we all are in key decision-making roles, so "Let's be true to ourselves". No appeasing-pleasing the boss / sycophancy will really work. It's a time for real circus, and let us be the real jokers.

7. Focus on long term objectives and quality.

8. Let's target ONLY our B&B (bread and butter) and deliver value in that. All add-ons can come as situational commodities.

9. Let's avoid being mind share oriented.

10. For everyone at senior levels, I know "Revenues are vanity, profits are sanity", but defer this for a while and let's be more niche for our B&B (bread and butter) than being generalist even in that.

11. Since a V-shaped recovery is far from likely, let's go on the offensive and pound on our competitors’ shortcomings.

12. Be aggressive with our messaging and be out there. In a downturn, I feel, an aggressive PR and communications strategy is key.

We: Thanks for your insights.
I: The pleasure is mine. Thanks for the privilege.

Saturday, March 06, 2010

13000+ e-separate Infosys in 1 month

Infosys gets a wake-up call when over 13000+ headcounts walk out of the lush green campuses across the country, and that too in just 1 month. This exodus marks the wake-up call for the elite senior management and board of directors, who have been in denial mode for the last 4 years. Denial of what? Well, denial of strategically well planned, but most deadly executed, headcount (UN) friendly policies. Policies such as

a) Internal mandatory certifications. This most illogical mandate, rolled out somewhere in 2006, hit many road blocks right from day one. Reactive and run-time changes were implemented. Management created this with a vision to mark it as one of the USPs of Infosys in an already bleeding software outsourcing market, and with a vision to take a lead over its #1, 2, 3 competitors - Wipro, TCS, CTS etc.
The hardest hitting shot was when it got tied to the compensation and promotion of a headcount through the CRR cycle.

b) CRR - well, not sure where it was copied from, even though management claims to have inherited and improvised it after huge research on companies which had somewhat similar appraisal parameters. Believe me, this is the most ridiculous way of getting people rated for their performance. BTW, not directly, but in relevance to some of the biggest morons you might have in the parallel groups. And you end up being rated as good as your manager can represent you. This has parameters coming from across, not only performance. Everything gets overridden by your adherence to the non-relevant certification (a), and even the progressions and promotions as per the new iRace.

c) iRace - Performance DOES NOT matter - yes, it’s a race, a hapless race mandated with shrewd bullyness in a typical top-down approach. The # of years of experience is what governs your designation. Only designation, yes, because in Infosys, the culture has been such that you will be appraised as per your designation, but soaked as per the one level up, because that’s the role you play. If you are a fast tracker, mind you, there are many levers that will pull you so that you cannot win in the (i)race.

Recently, Mr. NRN was addressing a gathering and, to his sudden surprise, he was showered with excruciatingly hard fact-based questions. First, as usual for a big corporate guru, he jumped into the denial zone. But when he could not weather the storm, he took refuge in accepting a little bit and saying that senior management needs to investigate, as there seems to be an issue.

Just a few days later, the corporate HR head - Nandita Gujar - wrote some kind of blog on the infy intranet, which was thronged by a very, very hard hitting almost 3000 headcounts. The fact is that, unlike NRN, they didn’t take refuge in any anonymity, but rather used their very own names, designations and employee IDs.

O yeah, this reminds me of a funny incident which will culminate the mentality within middle management as well. I was a part of this very middle management and was working closely with my offshore peer. One background: I was a fast tracker and he is a veteran of over 16 years at Infosys. But we were peers. Don’t conclude yet... please read below.

There arose a little argument during our discussion, and when he couldn’t question the authenticity of my logic he asked me "What is your employee id"?

I was stunned by its irrelevance to the discussion. It was just like the mapping of certifications with the designations of headcounts.

Anyhow, I told him but counter-questioned: why? The answer I got was "I wanted to know how long you have been at Infosys"..... No wonder his is the kind of people who can stay and survive the hypocrisy which prevails inside the fake brand name, for which people like me fell.

Before I close this post: Latest update: Infosys has created 9 tracks to do "research" into the issues in each of the illogical policies which got implemented and thus resulted in the huge exodus. These tracks are like a democratic country creating a committee for any cause of revolution.