Welcome!

Microservices Expo Authors: Liz McMillan, Elizabeth White, Pat Romanski, Automic Blog, Mamoon Yunus

Related Topics: Microservices Expo, Java IoT, Industrial IoT, @CloudExpo

Microservices Expo: Article

Make Sure It Doesn’t Suck: Good App Testing Despite Vague Requirements

What Are We Testing For?

Where do I start? What am I doing? (Why am I even here?) Have you ever asked yourself these questions at the beginning of a performance testing project? Have you been one of the many test engineers who have been delivered an application and told to "just test it"? (True story: I was once handed off an application to lead a performance testing project on with these words of guidance, "Just test it to make sure it doesn't suck"). If you are one of the fortunate performance test engineers who have a well-defined process in place in your organization that dictates what are you testing, what you are looking for, etc., then this discussion might not be for you. But for the rest of us, those of us that might need a little guidance in starting our project, read on......

What Are We Testing? What Are We Testing For?
I don't believe there is any one right way to approach a load testing project. And while there may be several different methodologies, I think ultimately they all take us in the direction of identifying a similar starting point. And while my discussion here certainly will not include every detail one should consider, my goal is to provide you with some ideas and practices to get you on your way.

Before we can begin any kind of testing project, we need a game plan. We need to know what we will test and what determines a successful test. We need to determine whether the application we're testing is "good" or "bad". It's common to think that only functional tests have pass or fail conditions but load tests should usually also have criteria defined to dictate whether the application's performance passes or fails.

Essentially what we're talking about here is coming up with the best approach to develop a load/performance testing Test Plan...or at least the "goals" part of a test plan. (A good test plan should include a lot of additional information - schedules, roles of team members, tools to be used, etc. - that I won't discuss here). The key is determining how we're supposed to approach this application-to-test that was just presented to us.

This game plan should be comprised of three pieces. One, what is the activity that the end users of the application do? (What are our use-cases?) Two, how many of these users are there doing whatever they do? (What is our workload, e.g. concurrency and/or transaction rate?) And finally, how fast do we need the application to allow these users to whatever they do? (What are our performance requirements)? Let's take each one of these at a time.

Identify Use Cases
Now that I have this new application in my hands, how can I determine what a user is supposed to do with it? The best approach to answer this question is usually simply to ask someone. Ah, but who to ask? Ideally, a good start would be to find someone involved in developing product requirements. At some point someone had a thought, "We should build an application so that users can do something". Identifying who that person was and what that "something" is, is the key.

I typically like to start with someone in product marketing or product management - someone who has done the work to create the user scenarios that the development team has implemented. If you're lucky, you might be able to find a Marketing (or Product) Requirements Document that has this information documented. Otherwise, a conversation with someone in that department might prove very useful.

If this information is not documented anywhere (gasp!) and the application is one that is currently in production, there will probably be some useful information in the log files captured in the application's infrastructure. Ask your web or application server administrative team if this is information they capture. They may use tools like Omniture, Coremetrics, Web Trends or Google Analytics that can help provide this. If they don't, it's usually possible to turn on some sort of logging for a period of time (a day or two perhaps) so that tracing user activity can be captured. In addition, getting access to actual end-users could be very helpful. As a performance engineer, it's probably not feasible that you have contact with the user community but this is a conversation you might be able to start with another internal resource - customer or technical support teams, sales representative, or (again) marketing folks.

Finally, common sense is an approach that can be very useful. (As obvious as this may seem, I'm constantly surprised by the number of times "common sense" is overlooked). Take a look at the application itself and decide what it is that YOU might do if you were an end-user. If you're testing an online store type of application, it's a pretty good bet that users are going to browse through the product catalog, add items to a shopping cart and make a purchase or two. Online banking customers are probably checking their balance and paying bills... you get the idea.

Generally speaking, you should not waste time trying to identify every single use case through the application since the bulk of user traffic will be captured in only a few transactions. Keep in mind the famous "80/20 rule"; that is 20% of the transactions cover 80% of application's core functionality.

Calculate Workload
So now you've got a start on identifying the first piece of the load test project puzzle; the use cases to be modeled in your load testing processes and/or load testing tool. Next we need to identify the actual workload that will be used in our load testing - that is, how many simultaneous users that will be sending network traffic against the application we're testing.

The best process to find out this information follows that of identifying the use-cases that we discussed earlier - again, try talking to someone "in the know". The application's specification documents should detail the expected user load or expected transaction rates. If they don't and you are to test an application which is already in production, working with the administrators of the applications architecture can again be helpful. They should be able to give you a sense of what sort of user load the application has experienced. When looking at this data, be sure to use a wide enough data sample to find the peak load the application has seen.

If this is an application that is not in use yet, many of the same principles we discussed in determining use cases apply; talk to marketing people, determine what the expected loads are. Even if you are conducting tests due some expected increased load in the application; a sale or promotion, an expected seasonal rush, rolling out an internal application to a new set of employees, etc., the hope is the expectation of load has been documented somewhere.

You may also be able to determine the number of users to test for by using a formula known as "Little's Law". This formula is only really applicable if you have either determined baseline throughput (transactions per second) and transaction response times or if you have desired requirements for both. But if you do have this information, using this formula is a great way to figure out how many users to test for:

  • Number of Users = Response Time * Transactions/second

There are many articles on the web about Little's Law and the different ways it can be applied. If you have access to the "inputs" of this formula, I'd recommend doing some extra research and seeing how it might be of use to you.

Generally speaking, once I determine the peak usage load my application will handle (or hope to handle) in production, I will conduct load tests scaling to 110% of that number.

Establish Performance Requirements
So now we know how to find what use cases to model and how many concurrent users to test for. Now what? Surely we can start to execute some load and performance tests, no? Well yes we can. However, it seems that we still don't know what we are testing for. I.e. why are we even conducting this project?

This is where developing good requirements come in. As I mentioned earlier, we need to figure out just what we're looking for as the results of our testing. To me, test requirements fall into two high-level buckets: Baseline/Benchmark or Performance Requirements.

A Baseline or Benchmark test doesn't usually have any detailed pass or fail criteria. Instead it allows you to provide results that state, "under these circumstances, the application performed like this". Benchmark tests can of course be very useful for examining the impact of infrastructure changes. Conduct an initial baseline test, modify the infrastructure, run the exact test again and compare the "before" and "after" results. The results of your initial baseline test can always serve as a performance benchmark.

Performance requirements on the other hand can help us determined whether the application is ready to be delivered to production.

What just is a performance requirement? As I've indicated, this essentially is the indicator of whether your performance test passed or failed. It may be response time-based (e.g. the Login transaction must always be faster than 3 seconds), it may be load-based (e.g. the website must be able to withstand 1000 concurrent users, how many concurrent users will my site handle before it crashes), it may be transaction rate based (e.g. the application must be able to handle 100 orders per minute) or it may be combinations of all of the above. Requirements may also include details on how the back-end infrastructure behaves (e.g. CPU utilization on the database server may never exceed 50%). If the end-goal of our testing is to make a "go" or "no go" decision on system, the more detailed our performance requirements are, the better.

How can I determine performance requirements? Maybe not surprisingly, the source(s) for this information should be very much the same as what we discussed for determining use cases and user concurrency. The various stakeholders (product management, marketing, business analysts, etc.) hopefully have this information documented somewhere. There may be contractual Service Level Agreements in place between your company and a customer, or between teams within your organization. Hunt them down (both the other teams and the SLAs). Or this information might just be stuffed in the back recesses of some stakeholder's brain. As you might have guessed by now, one of the things I hope to have achieved with this article is facilitated communications between the performance test teams and other groups in the organization - something I notice isn't happening in far too many companies.

And similar to what we've discussed earlier, if performance requirements are not easily available and you're hoping to test beyond a baseline, use common sense. What do YOU think is an acceptable wait time before a web page returns?

There are many studies you can find on the internet which discuss acceptable wait times but I'm not sure these are always valid. Plus they seem to change too quickly. It wasn't too long ago that an 8-second response time was the "cut-off" point between good and bad response time. Waiting 8 seconds now seems excessively long... except perhaps if you are using a mobile device. But my point is that it's all subjective and you should determine requirements specific to YOUR application and YOUR user community.

I may not have provided all the answers to the "where do I start?" question here. But hopefully this discussion has given you some clues as to the information you should gather before you begin your load testing project. Ideally you will now have a better sense of where to get some of this information and what some of the thought processes are to fill in any missing pieces on your own.

More Stories By Steve Weisfeldt

Steve Weisfeldt is a Senior Performance Engineer at Neotys, a provider of load testing software for Web applications. Previously, he has worked as the President of Engine 1 Consulting, a services firm specializing in all facets of test automation. Prior to his involvement at Engine 1 Consulting, he was a Senior Systems Engineer at Aternity. Prior to that, Steve spent seven years at automated testing vendor Segue Software (acquired by Borland). While spending most of his time at Segue delivering professional services and training, he was also involved in pre-sales and product marketing efforts.

Being in the load and performance testing space since 1999, Steve has been involved in load and performance testing projects of all sizes, in industries that span the retail, financial services, insurance and manufacturing sectors. His expertise lies in enabling organizations to optimize their ability to develop, test and launch high-quality applications efficiently, on-time and on-budget. Steve graduated from the University of Massachusetts-Lowell with a BS in Electrical Engineering and an MS in Computer Engineering.

@MicroservicesExpo Stories
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
With Cloud Foundry you can easily deploy and use apps utilizing websocket technology, but not everybody realizes that scaling them out is not that trivial. In his session at 21st Cloud Expo, Roman Swoszowski, CTO and VP, Cloud Foundry Services, at Grape Up, will show you an example of how to deal with this issue. He will demonstrate a cloud-native Spring Boot app running in Cloud Foundry and communicating with clients over websocket protocol that can be easily scaled horizontally and coordinate...
Docker is on a roll. In the last few years, this container management service has become immensely popular in development, especially given the great fit with agile-based projects and continuous delivery. In this article, I want to take a brief look at how you can use Docker to accelerate and streamline the software development lifecycle (SDLC) process.
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
IT organizations are moving to the cloud in hopes to approve efficiency, increase agility and save money. Migrating workloads might seem like a simple task, but what many businesses don’t realize is that application migration criteria differs across organizations, making it difficult for architects to arrive at an accurate TCO number. In his session at 21st Cloud Expo, Joe Kinsella, CTO of CloudHealth Technologies, will offer a systematic approach to understanding the TCO of a cloud application...
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API is orders or magnitude larger than any other attack surface area. Consider the fact the APIs expose cloud services, internal databases, application and even legacy mainframes over the internet. What could go wrong...
The goal of Continuous Testing is to shift testing left to find defects earlier and release software faster. This can be achieved by integrating a set of open source functional and performance testing tools in the early stages of your software delivery lifecycle. There is one process that binds all application delivery stages together into one well-orchestrated machine: Continuous Testing. Continuous Testing is the conveyer belt between the Software Factory and production stages. Artifacts are m...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
In his session at @DevOpsSummit at 20th Cloud Expo, Kelly Looney, director of DevOps consulting for Skytap, showed how an incremental approach to introducing containers into complex, distributed applications results in modernization with less risk and more reward. He also shared the story of how Skytap used Docker to get out of the business of managing infrastructure, and into the business of delivering innovation and business value. Attendees learned how up-front planning allows for a clean sep...
Most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes a lot of work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reduction in cost ...
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We have already established the importance of APIs in today’s digital world (read about it here). With APIs playing such an important role in keeping us connected, it’s necessary to maintain the API’s performance as well as availability. There are multiple aspects to consider when monitoring APIs, from integration to performance issues, therefore a general monitoring strategy that only accounts for up-time is not ideal.
Web services have taken the development world by storm, especially in recent years as they've become more and more widely adopted. There are naturally many reasons for this, but first, let's understand what exactly a web service is. The World Wide Web Consortium (W3C) defines "web of services" as "message-based design frequently found on the Web and in enterprise software". Basically, a web service is a method of sending a message between two devices through a network. In practical terms, this ...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that’s no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, will explore how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He wi...
We have Continuous Integration and we have Continuous Deployment, but what’s continuous across all of what we do is people. Even when tasks are automated, someone wrote the automation. So, Jayne Groll evangelizes about Continuous Everyone. Jayne is the CEO of the DevOps Institute and the author of Agile Service Management Guide. She talked about Continuous Everyone at the 2016 All Day DevOps conference. She describes it as "about people, culture, and collaboration mapped into your value streams....