Testing of SOA Applications

Ananthakrishnan J

Architect, Sonata Software

Sonata Software Limitedwww.sonata-software.com

Testing of SOA Applications

Author

Prakash D

Technical White Paper

Technical White Paper www.sonata-software.com

SOA Testing White Paper 1 Sonata Software Limited

STATEMENT OF CONFIDENTIALITY

Information included in this document, in its entirety, is considered both confidential and proprietary to

Sonata Software and may not be copied or disclosed to any other party without its prior written

consent.

All logos used in this document are registered trademarks of the respective organizations.



Abstract

This White Paper delves into the reasons for the increasing popularity of Service-Oriented Architecture (SOA) applications and the importance of testing them. It also explains the methodologies and processes that must be used to test SOA applications.

About the Author

Prakash D. is working as an IT Consultant with Sonata Software. With Sonata for about four years, he has 6+ years of experience in the area of Software Testing.

Currently, Prakash is handling the Quality Team for a financial application of one of the leading banks based in the Nordic region.

If you would like to interact with the author of this White Paper, feel free to contact us.

To read more about our views on technology, do visit www.sonatablogs.com

mailto:[email protected]



Contents

1. The Momentum for Service-Oriented Architecture (SOA) ……………………………………………………………...4

2. Challenges in SOA Testing……………………………………………………………………………………………………………….5

3. Best Practices for SOA Testing…………………………………………………………………………………………………………6 a. Test Model…………………………………………………………………………………………………………………………………6

b. Test Approach……………………………………………………………………………………………………………………………7

4. SOA Testing: Phases………………………………………………………………………………………………………………………..9 a. Governance Testing…………………………………………………………………………………………………………………..9

b. Unit-Level Testing……………………………………………………………………………………………………………………..11

c. Service-Level Testing…………………………………………………………………………………………………………………11

d. Integration-Level Testing…………………………………………………………………………………………………………..11

e. System-Level Testing…………………………………………………………………………………………………………………11

f. Phase Activities and Deliverables………………………………………………………………………………………………14

5. Summary………………………………………………………………………………………………………………………………………..15

6. Case Study …………………………………………………………….……………………………………………………………………….16



1. The Momentum for Service-Oriented Architecture (SOA)

Given a highly competitive business landscape, it is imperative for enterprises to be agile in order to survive the rapid changes in technology and business environments, and stay ahead of competition. In practice, this translates into the ease of adding new business models, services and functionalities in response to changing market conditions, competition, etc., with minimal disruption and alterations in the existing IT implementation.

Leading companies around the world are embracing Service-Oriented Architecture (SOA) as a route to benefits in terms of component re-usage, increasing business agility, and reduction of costs and risks.

A recent survey of over 300 corporate IT executives – Enterprises and SMBs -- in North America and Europe revealed the following factors as key drivers for the adoption of SOA:

“Which of the following have been major drivers for SOA adoption?”

Figure: 1

Source: Forrester Research

85% 83%

70% 68%

11%

74% 75%

60%57%

5%

Improved application flexibility

Improved business flexibility

Lower app dev time frames, costs

Lower business costs

Other

Enterprises SMBs



A critical success factor for the adoption and deployment of SOA applications, and the realization of its intended benefits, as depicted in the figure above, is rigorous testing. With loosely coupled application components delivered as services, QA teams in organizations must focus on complete testing of business workflows across multiple technology layers of the SOA application.

This brings to sharp focus the approach adopted by companies for testing SOA implementations. This White Paper focuses on the following aspects of SOA testing:

Challenges in testing SOA applications

Description of the test model and approach

Different levels of testing in conjunction with governance best practices

2. Challenges in SOA Testing

SOA is a collection of loosely coupled services that integrate business services from multiple applications to deliver end-to-end support to business processes. Verification and validation of interfaces and services (internal / external) that bring together diverse systems and platforms, coupled with allied performance and security considerations, make the testing of SOA applications really complex.

Some of the other challenges that render conventional testing approaches ineffective while testing SOA applications are:

Figure: 2

No user interface for the services in SOA applications

Lack of visibility into loosely-coupled business level services

Dependency on availability of any internal or external services

that offer a business function to perform E2E testing

Multi-skilled test teams: domain, technology and testing knowledge

Availability of test environment which may bring together multiple applications/services



3. Best Practices for SOA Testing

SOA testing needs to be oriented toward the business process flow connecting components, services and data in order to execute end-to-end testing. The right approach should employ the appropriate test model and test methodologies, and leverage a multi-phased testing cycle covering all layers of the SOA application.

a. Test Model

The V-Model is one of the most suited test models for SOA testing as it implements testing activities such as Design, Analysis, Planning and Execution throughout the SOA project lifecycle.

Figure3: V-Model

User Requirements

Functional Specification

Technical Specification

Program Specification

Build

Unit Test Integration Test

System/Service Test

Acceptance Test

Governance Standards • WSDL Validation • Message

Validation • XML Schema

Validation • WS-I

Interpretability • Service Delivery • Service Change

Management

• Functional Test • Performance

Test • Security Test

• Unit Testing • Governance Testing • Functional Testing • Performance Testing • Security Testing



This model follows a ‘top-down’ approach for defining user requirements and a ‘bottoms-up’ approach for testing all the services individually as well as collectively and finally, for testing the entire business system.

b. Test Approach

Test planning becomes crucial for SOA solutions since many of them do not have a user interface, while the ability to test multiple types of components simultaneously to form a business process calls for the right approach.

In the ‘bottoms-up’ approach -- adopted for successful SOA testing -- the application’s architecture is broken down to its components, which are then tested, beginning with the ones in the lower layers and subsequently, moving to the ones in the higher layers. The test plan includes details of how all of the components work independently and collectively.

Figure: 4

Monitoring and event management layers

Process

Services

Data Services

Data Abstraction

Database Reg/Rep



The ‘bottoms-up’ approach of SOA testing has several benefits, such as:

Testing of each of the services of SOA architecture -- from data abstraction to data services,

monitoring and event management layers.

Testing of individual functions within a service for Governance, Functionality, Performance

and Security.

Formal peer reviews against each service to ensure that it complies with the organizational

standards as well as to identify potential interoperability, performance and security defects.

Execution of compliance testing throughout the project lifecycle to ensure enforcement of

the standards and policies.

Managing changes to the existing policies.

SOA testing approaches, in conjunction with Open Source tools, can be used to plan, manage and automate the functional and performance testing of SOA applications, as well as integrate them with Web Services-Interoperability (WS-I) standards formulated by the Web Services-Interoperability Organization.



4. SOA Testing: Phases

SOA testing can be classified into the following phases:

Governance Testing

Unit-Level Testing

Service-Level Testing

Integration-Level Testing

System Testing

a. Governance Testing

SOA governance refers to the standards and policies that govern the design, build and implementation of an SOA solution, and the policies that must be enforced during its design-time, run-time and change-time.

Figure: 5

Design-time Governance

Run-time Governance

Change-time Governance

• Verifying that a service is meeting with the Web Services interoperability (WS-I) Standards

• Verifying the Services and their interfaces meet the desired recommended standards and practices

• Checking a service against standard rules before it is deployed into production

• Securing services so that they are accessible only to authorized consumers having appropriate permissions and that data is encrypted if required.

• Validating that service operates in compliance with prescribed organizational standards at run-time

• Understanding the service relationships and dependencies.

• Determine impact changes and root cause • Managing changes to existing policies and service level

agreement



The following checklist identifies the key technical and functional requirements of an SOA governance solution, and can be used to assess the completeness of a governance implementation strategy.

Table: 1

Service Publication

WSDL (Web Service Definition Language) Validation

Validation of:

Web service endpoints

the structure of elements and attributes

namespaces

Message Validation

Validation of:

message body against its schema definition

SOAP (Service-Oriented Architecture Protocol) envelope and structure in accordance with the WSDL and SOAP schemas

the header details of SOAP messages

HTTP requests and responses

secure end-to-end points identification in messages

XML Schema Validation

Validation of:

the structure of elements and attributes

namespaces

data types in XML schema Verification of:

authorized access to services

Standard Interpretability

WS-I Interoperability

Validation of:

SOAP request

SOAP response messages

Service Delivery SLA Management

Validation of:

performance time defined in the SLA

response times under an increasing load as defined in the SLA

Service Change Management

Impact analysis to determine the implications of changing a particular service within the run-time environment

Managing changes to the existing policies and service level agreement



b. Unit-Level Testing

Unit-level testing is executed to ensure that the components and functions of a service are working as per the specifications.

In unit-level testing, the smallest piece of testable software in the application is isolated from the remainder of the code and tested to validate it against its expected behavior. All the components of the application are tested individually before integrating them into a service.

In unit testing, it is necessary to perform formal peer reviews of the code to ensure that it is in accordance with the organizational standards and to identify any functional, performance and security defects.

c. Service-Level Testing

Service-level testing is carried out with the objective of ensuring that the service meets the requirements as specified. More importantly, it should also verify if the service meets the business and operational requirements of the other processes using it.

d. Integration-Level Testing

The integration test phase focuses on evaluation of the service interfaces. The purpose of integration testing is to determine whether the interface behavior of and information sharing between the services are working as specified or not.

To ensure that all the services delivered to the test phase comply with the defined standards, format and data validation, the test phase also includes testing of the internal as well as external services of the organization.

e. System-Level Testing

System-level testing ensures that the application meets the business acceptance criteria at the overall system level.



The following table shows the various testing phases and the test types applicable in each phase:

Test Phase

Functional Performance Security Inter-

operability Backward

Compatibility Compliance

Unit-Level

Testing Yes Yes Yes Yes Yes Yes

Service-Level

Testing Yes Yes Yes - - Yes

Integration-Level Testing

Yes - Yes Yes Yes Yes

System-Level

Testing Yes Yes Yes Yes Yes Yes

Table: 2



Figure 6: End-to-End SOA Testing

Defect Management

Test Execution

Governance

Test Management

Requirement Management

Deliverables Test

Execution

Functional Testing

Performance Testing

Security Testing

Design Time Run Time Change Time

Test Strategy Test Plan Design Test Cases

Test Scripts

Test Data Traceability

Analysis Requirement Management

• Automation Approach

• Test Plan • Test Scripts • Test Reports

• Functional • Governance • Performance



f. Phase Activities and Deliverables

Testing of SOA applications is usually broken down into four activities. Under each process, certain deliverables are provided for:

Initiation: In this process, Understanding Document, Transition Plan and the Test Methodology Document are prepared.

Test Management: In this process, the Test Plan / Test Strategy and Test Cases / Test Scripts are prepared.

Test Execution: In this process, Test Reports, Web Services, Interoperability Report, Conformance Report and Performance Report are created.

Defect Management: This is the last process in the testing of SOA applications. At this stage, the Defect Summary Report is generated.

Figure 7: Deliverables

Initiation Test Management

Test Execution Defect Management

• Understanding Document

• Transition Plan • Test

Methodology Document

• Test Plan/Test Strategy

• Test Cases • Test Scripts

• Test Reports • Web Services • Interoperability

Report • Conformance

Report • Performance

Report

• Defect Summary Report



5. Summary

A highly competitive business environment, coupled with rapid technological changes, necessitates it for organizations to embrace SOA in order to stay ahead of competition. SOA is a collection of loosely coupled services that integrate business services from multiple applications to deliver end-to-end support to business processes. A critical success factor for the adoption and deployment of SOA applications by organizations is rigorous testing.

However, verification and validation of interfaces and services – both internal and external -- that bring diverse systems and platforms together, along with allied performance and security considerations, make testing of SOA applications really complex.

Moreover, there are a number of other factors that pose a challenge in testing SOA applications with conventional testing approaches.

End-to-end testing of SOA applications requires the use of the right approach – one with the appropriate test model and test methodologies, and which leverages a multi-phased testing cycle covering all layers of the application. The V-Model is one of the most suited test models for SOA testing as it implements testing activities such as Designing, Analysis, Planning and Execution throughout the SOA project lifecycle.

For successful testing of SOA applications, the ‘bottoms-up’ approach is very widely used. In this approach, the application’s architecture is broken down to its components. Initially, each component in the lower layers and subsequently, the higher layers, is tested individually. The test plan includes details of how all of the components work independently as well as collectively.

SOA testing can be classified into five phases -- Governance Testing, Unit-Level Testing, Service-Level Testing, Integration-Level Testing and System Testing -- and four activities:

Initiation

Test Management

Test Execution

Defect Management

Testing of SOA applications through these methodologies and processes not only ensures their re-usability and agility but also smooth functioning of their component services when integrated into applications.



6. Case Study

Here is a Case Study that showcases a success story where Sonata has implemented end-to-end SOA testing solutions. Sonata’s test automation framework for SOA environment reduced the total automation effort by 30%.

Client

For a leading player in the airline industry, Sonata provided a complete packing of end-to-end SOA testing solutions.

Business Scenario

The customer had developed a new Crew Management application and was part of the overall SOA architecture. The application accesses the SOA services which are shared across multiple applications and modules. The load on the SOA services was heavy as 3000 users would be using the application. Hence the client was looking at an end to end SOA testing solution.

Solution Provided

Sonata provided end to end SOA testing solution including functional, compliance, performance and security testing services which included:

Test consulting

Tool evaluation and selection (SOAP UI was selected)

Keyword driven test automation framework for functional testing

Development of automation test scripts

Providing an automated regression pack across levels and execution

Performance testing including load, stress and volume

Security testing based on OWASP Top 10 standards

Compliance testing

Benefits:

Sonata’s test automation framework for SOA environment reduced the total test automation efforts by 30%

Regression test pack helped in providing the required stability during the continuous change process

The Performance and Security bottleneck identified during the service level testing helped in reduced Time-to-Market of the application

The identification of the performance characteristics of the application, helped in improved business decisions.



CORPORATE OFFICE APS Trust Building Bull Temple Road, N. R. Colony Bangalore 560 019, India Tel: 91-80-3097 1999, Fax: 91-80-2661 0972 Email: [email protected] WORLDWIDE OFFICES Dubai Office # 507, Thurraya Tower No.1 P O Box 502818, Dubai Internet City Dubai, United Arab Emirates Tel: 971-4-375-4355, Fax: 971-4-424-0132 Email: [email protected] Germany TUI InfoTec GmbH Karl-Wiechert-Allee 4 30625 Hannover, Germany Tel: 49-511-567 5296 Email: [email protected] India 6, Richmond Road Bangalore - 560 025, India Tel: 91-80-3097 3299, Fax: 91-80-2248 4045 Email: [email protected] 193, R.V. Road, Basavanagudi, Bangalore - 560 004, India Tel: 91-80-3097 2999, Fax: 91-80-2656 7487 Email: [email protected] Sonata Towers, Global Village, Pattenegere & Mylasandra, RVCE Post, Mysore Road, Bangalore - 560 059, India Tel: +91-80-3097 1499 Email: [email protected] 1-10-176, Begumpet Main Road Opp. Hyderabad Public School Hyderabad - 500 016, India Tel: 91-40-3981 3899, Fax: 91-40-2776 4831 Email: [email protected]

Singapore 1, North Bridge Road, #19-04/05 High Street Center Singapore – 179094, Singapore Tel: 65-633-724-72, Fax: 65-633-740-70 Email: [email protected] UK 5, Churchill Court 58, Station Road, North Harrow Middlesex HA2 7SA, UK Tel: 44-20-8863 8833, Fax: 44-20-8863 5533 Email: [email protected] USA 39300 Civic Center Drive, Suite 270, Fremont, CA 94538, USA Tel: 510-791-7220, Fax: 510-791-7270 Email: [email protected] 2018 156th Ave NE, Suite 100, Building F, Bellevue, WA 98007, USA Tel: 425-372-2167, Fax: 425 484 7799 Email: [email protected] 1901 North Roselle Road, Suite 800, Schaumburg, IL 60195, USA Tel: 847-517-6310, Fax: 847-517-6313 Email: [email protected] 11330 Lakefield Drive, Bldg #2, Suite 200 Duluth, GA 30097, USA Tel: 770-814-4213, Fax: 678-623-0236 Email: [email protected] 275 Grove Street, Suite 2-400 Newton, MA 02466, USA Tel: 617-663-4866, Fax: 617-663-6127 Email: [email protected] 212, Carnegie Center, Suite 206 Princeton, NJ 08540, USA Tel: 609-919-6325, Fax: 617-663-6127 Email: [email protected]

If you have any experiences related to software security guidelines that you would like

to share with us, please write in to us on [email protected]



mailto:�[email protected]













Testing of SOA Applications

Documents

Transcript of Testing of SOA Applications