OCTOBER 2019 • VOL. 2, ISSUE 028 • $9.95 • www.sdtimes.com
Contents
VOLUME 2, ISSUE 28 • OCTOBER 2019

FEATURES
From COBOL to Go: Why we must support legacy security training and beyond
Evaluating if serverless is right for you

NEWS
News Watch
Java language evolves to stay on top
UNICEF and Red Hat work to bring internet connectivity to those without
Parasoft rolls out Selenic automated UI testing tool
Shadow IT doesn’t have to be as dark as it sounds
Sparx Systems’ EA 15 Widens Support for Methodologies
CollabNet VersionOne positioned to create DevOps initiatives for large enterprises

COLUMNS
ANALYST VIEW by Rob Enderle: The coming mobile disruption
GUEST VIEW by Ondrej Krajicekh: Edge and cloud: A power couple
INDUSTRY WATCH by David Rubinstein: Why our industry must admit #metoo

SOFTWARE TESTING SHOWCASE
Tricentis: Test Automation at the Speed of DevOps
Parasoft: Top UI Testing Tools for Selenium Users
Mobile Labs Right-Sizes Testing
Eggplant Uses AI to Keep Users Happy, Drive Value
ProdPerfect Removes the Burden of QA Testing
Perfecto: Continuous Testing at Scale
Software Testing Showcase

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 80 Skyline Drive, Suite 303, Plainview, NY 11803. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2019 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 80 Skyline Drive, Suite 303, Plainview, NY 11803. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Christina Cardoza ccardoza@d2emerge.com
SOCIAL MEDIA AND ONLINE EDITORS Jenna Sargent jsargent@d2emerge.com Jakub Lewkowicz jlewkowicz@d2emerge.com ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS Alyson Behr, Jacqueline Emigh, Lisa Morgan, Jeffrey Schwartz
CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx, Ovum
ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com SALES MANAGER Jon Sawyer jsawyer@d2emerge.com
CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi adtraffic@d2emerge.com LIST SERVICES Jourdan Pedone jpedone@d2emerge.com
REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com
PRESIDENT & CEO David Lyman CHIEF OPERATING OFFICER David Rubinstein
D2 EMERGE LLC 80 Skyline Drive Suite 303 Plainview, NY 11803 www.d2emerge.com

NEWS WATCH

Reactive Foundation tackles next phase of software architecture
To accelerate reactive programming and technologies for the next generation of networked applications, the Linux Foundation announced the launch of the Reactive Foundation. “With the rise of cloud-native computing and modern application development practices, reactive programming addresses challenges with message streams and will be critical to adoption,” said Michael Dolan, VP of strategic programs at the Linux Foundation. “With the Reactive Foundation, the industry now has a neutral home for supporting the open source projects enabling reactive programming.”

Jakarta EE now under open, community process
After transitioning from Oracle to the Eclipse Foundation in 2017, Jakarta EE (previously known as Java EE) has reached another major milestone. With last month’s release of the Jakarta EE 8 Full Platform and Web Profile specification, the project now has a new baseline for having an “open, vendor-neutral, community-driven process.” Now, Java vendors, developers, and consumers will have a foundation for migrating Java EE applications to a standard enterprise Java stack.
“This is the culmination of two years of effort to move Java EE out of Oracle and into a vendor-neutral open specification process as well as enable open-source TCKs (Technology Compatibility Kits) to create a brand new specification process,” said Mike Milinkovich, executive director of the Eclipse Foundation.

Python 2 to sunset by 2020
The Python Software Foundation formally announced it will sunset Python 2 on Jan. 1, 2020. According to the foundation, it would have liked to see Python 2 sunset back in 2015; however, since many did not upgrade to the new language, the sunset was extended until 2020.
“We released Python 2.0 in 2000. We realized a few years later that we needed to make big changes to improve Python. So in 2006, we started Python 3.0. Many people did not upgrade, and we did not want to hurt them. So, for many years, we have kept improving and publishing both Python 2 and Python 3,” the foundation wrote. “But this makes it hard to improve Python. There are improvements Python 2 can’t handle. And we have less time to work on making Python 3 better and faster.”

Istio 1.3 designed for developer adoption
The latest version of the open-source service mesh platform Istio is now available. Version 1.3 works to improve developer usability, adds a number of debugging features, and provides better support. To achieve better usability, the new version includes the following changes:
• All inbound traffic will be captured by default with no need to declare containerPort in the Kubernetes deployment
• A single ‘add-to-mesh’ command in the CLI that adds existing services to Istio mesh no matter where the service is running
• A ‘describe’ command that allows developers to describe the pod and service needed to meet Istio’s requirements in any configuration
• An automatic protocol detection is implemented and enabled by default for outbound traffic, but disabled for inbound traffic to allow us to stabilize this feature.

Tidelift partners on web development libraries for Python
The Python Software Foundation and Tidelift are teaming up on the community-driven Pallets Projects. Pallets is a collection of popular Python web development libraries. Through the new partnership, the libraries will receive maintenance, security and license assurances. In addition, Tidelift plans to provide income to the team of developers behind the open-source libraries to help maintain them to commercial standards. The Pallets Project is downloaded millions of times each month. Libraries include:
• The Flask microframework for creating API endpoints
• Jinja2, a Python template engine that provides Django-inspired non-XML syntax
• Werkzeug, a WSGI web application library
• Click, a Python composable command line interface toolkit
• MarkupSafe for adding untrusted strings to HTML/XML markup
• Itsdangerous to pass trusted data to untrusted environments
• Flask-SQLAlchemy for supporting SQLAlchemy in Flask

Atlassian heads deeper into the cloud
Atlassian has announced a major update to its cloud platform designed to open up more opportunities for users in the cloud. According to the company, the updates are based on four pillars: editions, platform, administrators and cloud migration.
“The main theme here really is about the evolution of our cloud offerings. It is how we are really doubling down on investments across multiple pillars so that not only are we building for our customers today, but we are building ahead of their needs and helping them future proof,” Harsh Jawharkar, head of GTM for cloud platform at Atlassian, told SD Times.

Apple announces iOS 13 app requirements
Apple announced that all apps will need to be updated or built to work with iOS 13 by April 2020. In addition, apps will be required to fit the all-screen designs of Apple’s largest mobile devices and iPads.
“Customers around the world will soon experience the incredible new features of iOS 13. Make sure your apps are faster, more responsive, and more engaging by taking advantage of Dark Mode and advances in ARKit 3, Core ML 3, and Siri. Update your apps and product pages, and submit today,” the company wrote.

Android 10 now out in Pixel devices
Google announced the official release of Android 10. The updated operating system is built around three themes: advanced machine learning, support for foldable and 5G devices, and privacy protection.
Android 10 will first be rolling out to Pixel devices. In Android tradition, users of other Android-compatible devices will need to wait a few months before the update is rolled out to them. The Android 10 source code has been released to Android Open Source Project (AOSP) to make it available for the broader ecosystem. Android 10 extends multitasking across app windows and provides screen continuity to transition an app seamlessly between folded and unfolded modes.

Clubhouse launches collaborative editor
Project management platform company Clubhouse announced the private beta launch of Clubhouse Write, a real-time collaborative knowledge base tool that focuses on information discovery. The full version is planned to be available later this year. Write interacts with Clubhouse’s product management platform, allowing users to collaborate and comment on a doc in real time, create retros, strategy docs, agendas and more with teams in one place.

Dart 2.5 SDK includes ML-based developer features
The stable release of Dart 2.5 SDK was announced with technical previews of major developer features. The technical previews included ML Complete, a machine learning-powered code completion capability, and a foreign function interface for calling C code within Dart. According to the team, code completions will help developers avoid misspellings and explore APIs.
“As APIs grow, exploration becomes difficult, as the list of possible completions gets too long to browse through alphabetically. We’ve been working hard over the past year to apply machine learning to the problem,” the team wrote in a blog post. Since ML Complete is still only in preview, it will not have the performance or polish expected in later builds, the team explained.

Kong open sources universal service mesh Kuma
API and service life cycle management platform Kong announced its new open-source project Kuma, a universal service mesh designed to increase the adoption of microservices. The problem that early adopters had with the service mesh was that the first-generation meshes lacked a mature control plane, required extensive manual work and were often built on “immature proprietary networking libraries,” the company explained. Kuma is built to run on any platform, tackle complexity, and automate the process of securing underlying networks without having to change any code.

People on the move
• Mozilla has revealed Chris Beard will be ending his role as CEO this year. He has been with the company for 15 years, and has been CEO for about 5 of those years. The company is still searching for its next CEO, and if the search goes beyond the end of the year, executive chairwoman for the Mozilla Foundation and company Mitchell Baker will become interim CEO.
• Serverless workflow company Stackery has appointed Tim Zonca as CEO and a member of the board of directors. Zonca previously worked with Puppet as senior vice president of worldwide marketing where he worked to expand the company’s DevOps portfolio. At Stackery, he will lead the “next phase of cloud and serverless adoption around the world.”
• APM company Instana is adding a microservice industry veteran to its team as chief marketing officer. Laurent Séraphin previously led marketing efforts for Dynatrace and Docker. As CMO at Instana, he will use his expertise in APM, containers and microservices to lead corporate, product solutions and revenue growth marketing.
• Josh Turpen is joining Jama Software as chief product officer. He brings 17 years of experience to the company in software development and technology. As CPO, he will lead the company’s research and development, engineering and product portfolio efforts.
• The Drupal Association has announced newly appointed board members to help grow Drupal adoption. The new members include: vice president of worldwide developer relations for MongoDB Grace Francisco; senior vice president, CIO of global consumer solutions at Equifax Lo Li; co-founder of PreviousNext Owen Lansbury; co-founder of Commerce Guys Ryan Szrama; and freelance Drupal project manager Leslie Glynn.

This year’s Companies to Watch in 2020 really highlights the seismic shifts that have been occurring in our industry. While the seminal development steps of project management, code notation and debugging are represented, so are serverless management, containerization and APIs. These companies are making products that set them apart in a crowded landscape, and are the ones that we’re keeping our eyes on. You should too.

Clubhouse
WHAT THEY DO: Software project management
WHY WE ARE WATCHING: Clubhouse offers an alternative to Jira that gives developers a traditional view of work in progress as well as providing the ability to pull back from the weeds to take a strategic look at development efforts.

Cockroach Labs
WHAT THEY DO: Database management
WHY WE ARE WATCHING: The company’s flagship product CockroachDB is an open-source, cloud-native SQL database that scales horizontally without reconfiguration or massive architectural overhauls.

CodeStream
WHAT THEY DO: Code notation
WHY WE ARE WATCHING: The company offers a Google Docs-like system of commenting and making suggestions in codebases. This tool allows development teams to share and retain knowledge about their codebase in an intuitive way.

Codice Software
WHAT THEY DO: Software configuration management
WHY WE ARE WATCHING: Codice has been around since 2005, but this year the company caught our eye with its latest product Plastic SCM. The solution uses mergebots to automate DevOps through version control.

Harness
WHAT THEY DO: Continuous Delivery as a service
WHY WE ARE WATCHING: With executives who founded AppDynamics and pioneered Continuous Delivery at Apple, this company is automating the entire CD process. Also, big-money backers.

Hyscale
WHAT THEY DO: Containerized delivery platform
WHY WE ARE WATCHING: Hyscale automates and auto-generates the artifacts required for application delivery in containers, helping organizations bring workloads into Kubernetes.

OzCode
WHAT THEY DO: Debugging
WHY WE ARE WATCHING: OzCode wants to reduce the time it takes to debug a service from days to hours and even minutes. The company recently released a debugging as a service solution that provides “pre-bugging” capabilities, enabling developers to find and fix bugs before they happen.

ProdPerfect
WHAT THEY DO: Automated testing
WHY WE ARE WATCHING: Their platform offers hands-off automated QA testing for web applications, understanding that the customer experience is critical for engagement and to drive sales.

Snyk
WHAT THEY DO: Open-source security
WHY WE ARE WATCHING: The use of open-source software is only continuing to rise. Snyk aims to provide solutions that automatically find and fix open-source vulnerabilities.

Solo.io
WHAT THEY DO: API Gateway
WHY WE ARE WATCHING: Solo.io allows companies to transform legacy applications into microservices. As microservices continue becoming the new normal, it will be crucial for companies to find ways to efficiently update their old monolithic applications.

Tidelift
WHAT THEY DO: Managed open source
WHY WE ARE WATCHING: This company is turning open source upside down, paying developers to maintain open-source code for Tidelift’s customers, so they know they’re getting the latest updates and most secure versions.

TriggerMesh
WHAT THEY DO: Serverless management
WHY WE ARE WATCHING: The use of microservices, cloud and now functions can cause a lot of complexity for developers. TriggerMesh takes over the mundane and time-consuming tasks by automating the deployment of functions into the cloud and integrating with popular serverless frameworks. The company recently partnered with GitLab to bring serverless capabilities to DevOps.

Java language evolves to stay on top BY JENNA SARGENT
Java has been around for a long time, and over the past few years it has undergone significant changes to keep it relevant. It is still the most popular programming language among developers, according to JetBrains’ State of Developer Ecosystem in 2019 report. But it may not hold onto that title forever. While it’s still at the top of many lists of programming languages, other languages, like Python, are closing in on it. In fact, TIOBE predicts that in the next few years, Python will surpass Java (and C) as the most popular programming language. And Python is not Java’s only competition. The rise of Kotlin has also taken some of Java’s share away, especially once Google started supporting Kotlin
for Android development. Java happened to be in the right place at the right time, similar to how Python now happens to be in the right place at the right time with the explosion of interest in AI and machine learning. According to Rich Sharples, senior director of product management at Red Hat, when Java was created 25 years ago, it was designed with the network in mind, and had a lot of features for network communications. It also came about around the time that multiprocessor systems were gaining traction and it was one of the first languages to make use of those hardware advances without the developer having to do too much more work. In addition to those features, it also
had big backing in the industry, from Sun Microsystems, IBM and Oracle, which ultimately purchased Sun. All of these factors combined to make Java a highly successful language and a top choice for many developers for decades. The reason that it has stayed so popular is because it still meets the needs of working across networks, Sharples explained. And of course, there’s also the fact that it is open source. “Pretty much anything interesting happening in tech these days is happening around open source. And it was relatively early in mainstream open source as well. So it’s checked all the boxes from a technical point of view,” he said. Java was well suited to the environments of its time, but hasn’t really aged well as technologies change. Sharples
explained that Java does a lot of “cool dynamic stuff,” but those sorts of capabilities aren’t really needed in technologies like microservices and serverless. According to Sharples, when working in those types of environments, developers tend to just start fresh when they run into an issue. “If we see an issue, we see a bug, we just burn everything to the ground and then redeploy new containers with the latest versioning,” said Sharples. So all of those dynamic capabilities Java has aren’t really needed anymore.
“What you get is a lot of baggage that doesn’t really provide much value in those modern architectures... If you think back, Java was designed to run on big multi-process machines. You could pretty much guarantee that you owned the machine and you could run multiple applications for each JVM or app server. That’s just not the world we live in today. Now you get a slice of a slice of a slice of a virtual machine, or even just a function for a certain amount of time. So a lot of those capabilities bring a lot of weight and complexity and offer little value. So if you look at functions as a service, you don’t see Java mentioned an awful lot.”
But Sharples doesn’t believe Java is going away quite yet. He believes Java will likely still experience growth for many years, or even decades. There are many projects that let Java thrive in today’s environments, such as Oracle’s GraalVM, which allows for interoperability in shared runtimes, and Red Hat’s Quarkus, which is a Kubernetes-native Java framework.
Mike Milinkovich, executive director of the Eclipse Foundation, which oversees Java Enterprise Edition (now Jakarta EE), also believes Java itself is going to evolve to support these technologies. “I think that there are going to be changes to Java that go from the JVM all the way up,” said Milinkovich.
“So any new features in the JVM which will help integrate the JVM with Docker containers and be able to do a better job of instrumenting Docker containers within Kubernetes is definitely going to be a big help. So we are going to be looking for Java SE to evolve in that direction.”
Sharples also believes Oracle has done a pretty good job of “keeping the innovation going without breaking the stability.” Oracle currently has several active projects focused on facilitating innovation for Java:
• Valhalla, focused on introducing value types to Java
• Panama, which is about updating the form function for Java
• Loom, which focuses on scaling Java
• Amber, which is focused on finding ways to simplify the language
• Metropolis, which is trying to see how much of the JVM can be written in Java so that both JVM and Java can evolve faster
“Despite the fact that we now have a feature release every six months, the harder problems that we solve have not somehow magically found a way to be crunched down into six months of work,” said Georges Saab, vice president of engineering at Oracle for Java Standard Edition. “So basically what these projects are about is having a place where we can work on these problems longer term. And the projects are encouraged to find a way to break down into smaller increments the sort of output and steps forward.”

It’s official: Java 13 available
Like every other Java release since Java 6, Java 13 was available in early access preview prior to the official release earlier this month. These previews give developers the opportunity to try the new version out before using it in their production code. “[This has been useful] because it gives people a way to try out the current state of the version and give us feedback, both on features, but also if there are particular bugs that may be affecting them and their application,” said Georges Saab, vice president of engineering for Java Standard Edition.
According to Oracle, the goal with Java 13 was to improve the performance, stability, and security of both the Java SE Platform and the Java Development Kit (JDK). Java 13 introduces three new Java Enhancement Proposals: dynamic CDS archives, the ability to uncommit unused memory, and a reimplementation of the Legacy Socket API.
Dynamic CDS archives improve the usability of the Application Class-Data Sharing feature. This feature will help improve startup times.
Java 13 allows unused heap memory to be returned to the operating system or container. According to Saab, this feature is about making sure that “the JVM is being a responsible and friendly citizen, not assuming that it’s the only thing that’s going to be running on a particular server or cloud.”
Finally, Oracle has reimplemented the Legacy Socket API. Now the API is much easier to maintain, debug, and prepare for user-mode threads, the company said. “Basically, this is about making sure that as we are changing the threading model in order to increase Java scalability,” said Saab.
This release includes two preview features as well. Preview features are fully implemented and made available for testing before being implemented in the language, allowing Oracle to gather developer feedback. The two preview features in this release are Switch Expressions and text blocks.
Switch Expressions allows switch to be used either as a statement or an expression. According to Oracle, this feature simplifies coding and lays the groundwork for future features like pattern matching. Text blocks are multi-line string literals that automatically get formatted in a predictable way, which gives developers more control over code format, the company explained.

UNICEF and Red Hat work to bring internet connectivity to those without BY CHRISTINA CARDOZA
While it may seem like most of the world is going through a digital transformation, there are still many people without basic access to the Internet. The International Telecommunication Union found about 3.7 billion people remain unconnected. Additionally, 29 percent of 18 to 24 year olds (mostly in Sub-Saharan Africa) do not have access to digital products and services, limiting them from the same information, opportunity or choice as their connected peers.
“Internet access is still an unaffordable luxury for many. For others, service is inadequate or unreliable, and not worth the trouble or expense of connecting. Online abuse, violations of privacy, government surveillance, and other issues provide further challenges, keeping many offline,” Eleanor Sarponh, Alliance for Affordable Internet deputy director and policy lead, wrote in a post.
In an effort to close this gap, the United Nations Children’s Fund (UNICEF) created Project Connect, an initiative to not only bring connectivity to every school, but evaluate schools’ ability to reach out about education, health and emergencies. In order to make this possible, the organization teamed up with Red Hat on a co-creation effort.
“Co-creation is simply multiple organizations working together to tackle a big issue or effort. You’re leveraging a wide range of perspectives and diverse skill sets to work toward one goal. In the beginning, there might be some storming in the teams — we’re feeling each other out. How do the teams work best together? What kind of creative solutions can we develop together? After a while, the teams become one,” said Nick Hopman, vice president of global professional services, practices, solutions and offerings at Red Hat.
Going into the project, UNICEF needed to understand what schools were connected, what schools had access to digital tools, and where the gaps were. This meant dealing with a number of different data sources and looking at other factors such as natural disasters, conflict, poverty and other vulnerabilities, according to Chris Fabian, cofounder of UNICEF’s Innovation Unit.
To get Project Connect started, UNICEF participated in Red Hat’s eight-week Open Innovation Labs residency program. Out of the program, UNICEF was able to quickly create a prototype that showed the value of the project. Fabian explained the program provided access to people, processes and open-source tools that helped UNICEF speed up its pace of innovation.
“Red Hat knows that there is no such thing as ‘one size fits all.’ We liked their open-source model — it democratizes access to technology which is something that tied into our mission perfectly,” said Fabian.
In addition, the Red Hat program improved the infrastructure of the platform, allowing it to scale to different countries as well as create mechanisms for new partners and contributors to get involved.
With the prototype, UNICEF started working with the Colombian Ministry of Education and Desk of Education in Emergencies to build tools that could help them prepare and respond better to emergencies as well as work to connect disconnected schools.
Today, the project has mapped more than 500,000 schools in 10 countries, and has connectivity data for more than 120,000 schools in five countries, Fabian explained. There is also interest from a number of different governments looking to use the tool to provide connectivity, understand schools’ risks and create information about education.
UNICEF also worked with Red Hat on Magic Box, a collaborative data sharing platform that provides critical insights into vulnerable populations.
“With a real-time map of every school’s Internet connectivity, we will know how to best target help. This is the goal of Project Connect. We want to help identify where the gaps are, understand the level of connectivity that exists at each school, and do our best to channel partners and resources to help. We believe this information will ultimately help national governments optimize their education systems,” Project Connect’s website stated.

Project Connect uses Magic Box to map schools around the world and their connectivity data.

Parasoft rolls out Selenic BY DAVID RUBINSTEIN
Selenic: of or relating to Selenium. That, in its most elemental definition, describes Parasoft’s new tool for UI testing. Called Selenic, the tool rounds out Parasoft’s test offerings, from unit testing to API testing up to the user interface. Selenic monitors Selenium tests, discovering errors in the user interface, making remediation recommendations into a developers’s IDE and doing its own self-healing right in the integration pipeline. The tool has been in beta testing and Parasoft announced on October 1 a pre-release at the STARwest test conference in Anaheim, California. Parasoft created Selenic after asking customers how they test their UIs, to see what it could do to leverage customers’ existing UI test practices. According to Mark Lambert, vice president of product management at Parasoft, the company didn’t realize how big Selenium is, with 64 percent of organizations responding to their survey saying they use or are moving to Selenium. Another 7 percent use open-source frameworks or custom tools, and 14 percent are doing manual testing. The remaining 15 percent use commercial tools — Tricentis, SmartBear and Parasoft’s SOAtest with its UI testing capabilities. The open-source Selenium project is 15 years old, and there are those who say it wasn’t built to solve the problems that today’s new architectures present. But, according to Max Saperstone, director of software test automation at consulting company Coveros, companies have been looking to replace Selenium with their own tools for years and have not seen significant traction to do so. “Yes, there are some problems [with Selenium], and there are some tools trying to fix
some of them,” Saperstone said, “ but it’s more in the underlying way that people are trying to do automation than the tools themselves.” People, he has observed, are not using Selenium correctly for test automation. “It really is a matter of, a mentality shift, from going from ‘Hey, I can’t just take my manual tests and automate them.’ That’s not the right way to be doing automation,” Saperstone said.” You need to put more thought into it. The reason that there’s all this maintenance time that I’ve seen in the field is because people take this one- or two- or sometimes 10-page long test case and they convert that directly into Selenium. And then they say, well I have 1,000 different steps I just went through and so I have to maintain all of those. But if the second one breaks, those other 998 I never even get to and so I have no idea if they actually work or not.” Other challenges to doing UI test automation are creating reliable locators and wait conditions, maintaining tests after UI changes, discovering and debugging automation failures, the test suite execution time, and the knowledge and skills to create scripts. These are the issues Parasoft is looking to address with Selenic. “A lot of these web applications have
dynamic elements within them, with dynamic internal IDs, and it’s difficult to figure out how to correctly locate the element on the page,” Parasoft’s Lambert explained. Next, he added, “is handling the maintenance of your test suite when the UI changes. Changes to the UI — the move of a button, the change of a label — can have significant roll-on impacts to the test suite, and to be able to update those tests in a short period of time was very challenging.” Selenic is built using the Page Object Model, which is a design principle for creating Selenium tests. Chris Colosimo, product manager at Parasoft, explained: “You have your script, and as it traverses your application, it’ll click on buttons, inputting in the fields... In the Page Object Model, the way you write your Selenium tests is you build these pages as objects and then on each individual object, you reference all your buttons. You can define where a button on a page is once and use it multiple times in your application. It just makes maintenance much easier.” Saperstone said, “Developers are going to change their locators, and testers don’t find out until it dumps into the pipeline, or until it’s even handed over to them, and it’s kind of just blind
guessing... why don’t my tests work anymore? What did they change? I spent weeks and months working with some organizations just trying to get the developers talking to testers so it doesn’t happen all the time. I still believe that’s the ideal solution — communication between the teams. [Selenic] does in fact make it so that when that does happen, it’s not this ‘we don’t know what’s broken; I have to do a lot of this analysis.’ It just kind of did this nice self-healing of the broken locators, which again is fairly cool, I would say some of the products I’ve worked on, I’ve literally spent half of the maintenance time to put in to keeping scripts up to date literally just updating locators, which is an awful and tedious thing to have to do.” In a demo, Colosimo showed Selenic monitoring a Selenium test and finding that a test had failed due to a bad locator. Selenic captured a screenshot to show where the test failed; something was wrong with a field. Selenic’s Smart Selenium Testing feature, which uses AI for test stability and maintenance, makes a recommendation on how to fix the test. It turns out the test failed because a button could not be clicked, and the recommendation was to update the locator in Selenium
with another specific locator that, Colosimo said, had “a 96 percent confidence factor that says these are the correct locators to use.” He explained that the AI engine used analysis of previous test success to construct a new, smart locator, and prioritizes suggested fixes. Those recommendations, Colosimo added, can be imported directly into the IDE — Eclipse in this instance — and take you right to the line of code to make the change. Selenic, though, can self-heal the Selenium code in the JVM at runtime, selecting the best locator and swapping it out so the test doesn’t fail, allowing developers to validate the application without losing the time to make the fix. Lambert said that Parasoft has enhanced its recorder to capture actions against the UI directly from the browser. “The self-healing stops the nightly build from breaking unnecessarily; the AI recommendations help you maintain and enhance the test case, cutting down your maintenance time by 20 percent,” he said. “These are two primary value propositions with Selenic.” He went on to say, “What’s important is, that object model is the way you create more maintainable tests. As we create additional recordings, we add that to the Page Object Model, so we’re not creating scripts to run in isolation. They’re actually reusing the same object contacts, and that’s really the value of the Page Object Model.” Colosimo noted that Selenic enables users to get to the code when it’s needed, describing why Parasoft eschewed the scriptless approach. “The reality is, every UI is different… the widgets, the pulldowns. In 80 percent of the applications out there, at some point you’re going to have to do something complicated. By having direct access to code — Selenium code and a massive Selenium community — it almost becomes easier to use than the scriptless approach, because you can know what to do when you get stuck.” Coveros’ Saperstone commended Parasoft’s positioning of Selenic as a complement — not a replacement — for Selenium. “A lot of companies I work with, it’s all about, ‘Stop using Selenium, and migrate over to our tool. Use our stuff.’ And, if you don’t like it, it’s kind of too bad,” he said. “All of your code is now with us. That’s one of the really cool things about Selenic. You just add it as another command-line parameter to whatever you currently have going, as long as it’s Selenium and Java. If you want to stop using it, great. Your tests still work, you just no longer get that one piece of functionality, that’s providing locator healing, etcetera. So you don’t have to make this huge investment in order to get the benefits. That I think is one of the most unique things about it, because most tools are all about, well, let’s get you over to use our software, which is more retention-based than anything else. For me, as someone who loves using open-source tools, that’s a little bit frustrating.” Selenic will be on a four-times-per-year release cycle, Lambert said, with a 2019.1 release due Oct. 31, and a 2019.2 release set for Dec. 19. In mid-Q1 next year, 2020.1 will be released.
Shadow IT doesn’t have to be as dark as it sounds
BY JENNA SARGENT
It’s no secret that IT teams are overwhelmed. Sometimes they don’t have the time or resources required to get everything done. And when employees have to wait long periods of time for IT to approve and complete a project, sometimes they decide to take matters into their own hands. Shadow IT is the result of people trying to solve their problems themselves, without getting IT involved. Shadow IT can be a risky business. Services that are completely out of the control of the centralized IT team can introduce new risks, said Jay Chapel, CEO of cloud cost analyzer company ParkMyCloud. “The fact that shadow IT exists at all is a problem because it’s an indication that IT isn’t getting the job done and those in the business feel that they can do a better job of providing IT,” said
Glenn O’Donnell, VP and research director at Forrester. For example, a marketing team could set up their own communications channels, like Slack, rather than relying on the companywide messaging system. Shadow IT — especially unintentional shadow IT — can be difficult to track, especially when free services are involved. It’s a bit easier to keep track of when there are paid services that are showing up on expense reports. Departments that are doing shadow IT may not even realize they are doing it. “If you go out and get an account on HubSpot or if you go out and take advantage of some of the new SaaS capabilities that are out on the market to do something within your department, folks might not even think of that as shadow IT, it’s ‘hey, it’s just an app, it’s just something I’m using,’ without thinking of the potential exposure of
what you’re putting up there,” said Chapel. The risk of shadow IT will also be dependent on how savvy those individual departments are. “If it’s shadow IT by a department that’s just run rampant and has not taken proper care of data then it can become a serious problem,” said Chapel. Policies like remote working and bring your own device (BYOD) can also contribute to IT having less control over its users. Companies that are implementing those policies have decided that the potential risks are outweighed by the overall benefits, Chapel explained. Depending on the company, those policies may be strict or more lenient, if they even exist at all. Some companies may lock down devices heavily if they are leaving the office. “On the other extreme, there’s the companies that are
letting folks VPN in or at least bring their laptops home. And at that point the laptop is a piece of corporate managed infrastructure and if somebody is going to steal data they can do it just as well sitting in the office as they can sitting at home, so to that extent, there’s just a certain amount of trust going on.”
Shadow IT can be useful
But shadow IT doesn’t have to be all bad. It’s possible that some departments will have people that have the skills to handle IT issues. If IT puts proper safeguards in place, such as password control and encryption, then it could be a viable option, Chapel said. And by giving employees more control over IT services, IT teams can focus more on managing the core infrastructure and services in an organization, Chapel explained. O’Donnell explained that companies
tend to gravitate toward two extremes of IT. “One is everything sits in IT and the other extreme is everything sits in business and there is no IT. And as is usually the case, both extremes are ill-advised. You’re better off finding that right balance between the two, or what I keep calling the Goldilocks balance — it’s not too little IT and it’s not too much IT. It’s the right level.” Chapel recommends companies ask the question: Is shadow IT recognized as a practice that is available within an organization? “As long as there are certain standards available for everyone to use, like password control, encryption, availability of the knowledge of good practices, and corporate-wide training of how to do your own shadow IT, it can be okay,” said Chapel. Of course, it’s important that IT teams evaluate that risk. According to Chapel, risk will vary depending on the
individual organization, and the individual departments within that organization. For example, if it’s a software development group that doesn’t have access to customer data, the biggest risk will likely be the availability of proprietary software source code. Or it could be a marketing group that has access to customer data, which will need to be handled differently. “I think it depends on the nature of the department itself and what the sensitivity is of data that they might hold. Maybe the cafeteria is not a big deal, but the building management is if it means someone might have access to security systems.” It’s also important that organizations have thorough policies in place, and that these policies are enforced. A company may determine that certain services, such as Dropbox or Google Drive, are okay, but that others aren’t allowed to be used. “There probably should be corporate level policies that let people know ‘shadow IT will not be tolerated, this includes these types of services’ or ‘managing your own IT resources is okay, within the following bounds’ or maybe there has to be a simple approval process,” said Chapel. Chapel believes that the best solution to shadow IT is to allow IT to review things, but not actually have to manage it. This takes the burden off of IT, while still ensuring that they know what services are in use in the organization. “Again, the reason shadow IT exists is that there’s a fundamental disconnect between those two parties,” said O’Donnell. By opening up a dialogue between employees and IT, they can share what’s important and come up with common goals. “And shadow IT isn’t necessarily a bad thing, but it is in the sense that it’s a communication issue...Especially now, as business is getting smarter, you’re getting a lot of IoT devices and edge computing that are more applicable to the business directly and less applicable to a central IT organization. 
You have to have that shared responsibility and that balance between the two extremes.”
Sparx Systems’ EA 15 Widens Support for Methodologies
BY JACQUELINE EMIGH
Sparx Systems specializes in high-performance, scalable, visual modeling tools for the planning, design, and construction of software-intensive systems, according to Tom O’Reilly, chief operating officer (COO). In the latest version of Enterprise Architect (EA), Sparx continues to add new features to its modeling and design platform, which covers the entire software development life cycle, facilitates a wide range of methodologies and approaches, and helps developers solve the many challenges they face today. “Our chief concern is bringing multiple viewpoints and technologies together to form a comprehensive end-to-end map of any solution space,” O’Reilly noted. “EA remains a flexible tool to implement whatever methodology you wish, and it includes built-in tools to help.” EA covers all aspects of Agile software development, including Burndown Charts, Kanban Boards, Requirement tracking and web-based stakeholder feedback, to cite a few examples. In Sparx Systems’ latest expansion of methodologies support, the new EA 15 brings support for Business Motivation Model (BMM) 1.3, Value Delivery Modeling Language (VDML), and the Object Management Group (OMG)’s MARTE profile for Real Time and Embedded Systems (RTES). For the growing numbers of organizations implementing or planning to implement DevOps, Sparx’s Pro Cloud Server offers a convenient and easy way to pass guidance and feedback back and forth among distributed teams in business and IT. Beyond the many new tools in EA 15, Sparx has introduced new entry-level pricing for Pro Cloud Server, providing affordable collaboration and sharing for small and growing teams. Moreover, using Pro Cloud Server tools like WebEA and Prolaborate provides a very quick feedback loop to make sure that software implementations meet the stakeholder requirements. “This keeps all parties in the know and on the same page,” O’Reilly observed.
Coupled with new custom drawing tools in EA 15, WebEA and Prolaborate also make it easy to produce and share attractive curated visual representations of the model for business users, which, if required, can avoid the technical appearance of traditional modeling notations. “EA has always been focused on covering the entire life cycle, from requirements management to coding and testing features, providing traceability and staged development from the stakeholder requirements through to the final product,” O’Reilly said. New features in EA 15 which enhance full life cycle coverage include model-based automation capabilities, relationship matrices for diagram elements and new ways of connecting and visualizing class attributes. “One common challenge for software developers and modelers is the ability to interface with external data sources,” O’Reilly noted. Data Miner, another new tool in EA 15, provides a comprehensive means of abstracting data from a range of external data sources, including databases (ODBC, ADO, OLEDB, JET), text files (XML, JSON, plain text), Excel (xls, CSV), and online files or URLs. Developers can use EA’s Data Miner capabilities to create a reproducible import process defined in a model format. This entails a data configuration process to hold the complex data connections and information, along with the ability to run JavaScript over the data set post import. In EA 15, the traditional Project Browser has been enhanced, and it now incorporates four different view types of each model.
These include the standard complete model hierarchy, the context-only hierarchy introduced in EA 14, a new element browser, and the new diagram browser. New model-based add-ins in EA 15 are designed to ease development and deployment of custom add-ins, which can be used to enforce new workflows, governance, and control within mission-critical models. These models are defined within the model itself. Consequently, there’s no need for network administrators or others within the organization to manage the update and deployment cycle. Developers can also leverage security group-based restriction in the Perspective and Ribbon Sets to make sure that modelers only view the tools and technologies relevant to their own roles. New model patterns in EA 15 enable developers to model Google Web Services and Amazon Web Services (AWS). These incorporate some specific example patterns such as “AWS Connected Vehicle Solution” and “Google GCP Example — Sensor Stream Ingest and Processing.” “Complex legacy code bases can be hard, if not impossible to understand,” O’Reilly maintained. EA incorporates tools like the Visual Execution Analyzers, sequence diagram generation, the code profiler, and memory profiler, which can help developers understand the code archeology of the systems now in place.
From COBOL to Go: Why we must support legacy security training and beyond
BY PIETER DANHIEUX
Pieter Danhieux is co-founder and CEO of Secure Code Warrior.
It seems almost comical that in 2019, we should be talking about working with a computer language that was invented in 1959. There aren’t too many seminars or conventions these days devoted to the art of rethreading classic Singer sewing machines, or swapping out the oil pan on a Chevrolet Parkwood or a Triumph Herald. Most of those aging tools have long since been retired, upgraded to new and more efficient models. Yet over here in technology land, which is supposed to be cutting-edge compared to other industries, we are still working with languages like COBOL, which was released around the same time. Of course, there are very good reasons for this. The Common Business Oriented Language (COBOL) may be 60 years old, but it was so well constructed that it’s still relevant and in widespread use today. COBOL was created as a relatively simple way, using plain language grouped into specific sentences and syntax, to program backend systems to perform mathematical and formulaic tasks. Why does it live on today? Put simply, it is very good at its job. In a sense, it has become a part of the computing fabric for many mainframe and core systems in industries as diverse as the financial sector and manufacturing. There have been incremental updates to COBOL over the years, most notably in 2002 when it was turned into an object-oriented language to make programming new applications a little bit more fluid. But for the most part, COBOL remains today what it was back then: an unsung hero, and a workhorse kind of programming language that works on the back-end to underpin many modern mainframe-level applications. Unfortunately, there was not much in the way of security considerations when COBOL was first created. For example, many COBOL applications have a password program protecting them, but they are almost never hardened with measures such as brute-force protection to prevent cracking. Couple this with the fact that many modern security tools that monitor network traffic don’t know how to deal with or evaluate functions happening within programs written in business languages like COBOL, and you have a real problem waiting to happen. Quite a few modern breaches have been successful because of a lack of security oversight for systems running classic computer languages. In 2015, the data of over four million US federal employees was exposed when the Office of Personnel Management (OPM) was hacked, with the blame falling on its usage of COBOL, citing an inability to implement modern security measures on such an archaic system. Years ago, security was provided by an army of programmers who knew COBOL and other hot languages of the time. Back in the 1960s, COBOL was like today’s Java or .Net, and those who knew about it were the rockstars of their departments. As of 2019, those folks have likely long since retired, even though the systems they protected have not. Quite a few of these so-called greybeards were brought back to their organizations as contractors to defend
the same mainframes they worked on before. In more than a few places, they existed as a bit of an anomaly: a secretive cabal of aging sorcerers in some back corner of the office, their strange dress (wide ties and three-piece suits) and oddly polite mannerisms not quite fitting in with all the modern hipsters sporting skinny jeans and man buns. Yet, they were absolutely necessary, because few modern programmers sling code in COBOL and other ancient languages. Sadly, even these final wizard sentinels are fading away, finally giving up the ghost and moving to Boca Raton, and enjoying a true retirement. As such, there is a dire need for people who understand older languages, and the security vulnerabilities that they contain. Even if younger people don’t know how to write code in classic languages, they should at least understand how they work and their potential vulnerabilities. Because while COBOL development has remained relatively static, the threats leveled against networks have continued to evolve. Trying to use ancient cybersecurity techniques programmed sixty years ago, like the aforementioned COBOL password application, to defend a mainframe against modern attackers is akin to deploying a phalanx of spearmen to fight a platoon of space marines — short of a Hollywood-esque miracle, it’s going to end badly for the dudes with the spears. That is why we believe in the importance of an advanced training system that covers a wide gamut of programming languages and frameworks. You see, one of the glaring issues with a lot of security training options is that the information is simply too generic, or worse — completely irrelevant in the
day-to-day jobs of the developer partaking in it. Spending half a day learning about vulnerabilities that only apply to Java isn’t going to help a COBOL developer fortify their system, and it just perpetuates the idea of ‘security’ as a tick-the-box exercise to be forgotten about once the mandatory course has been completed. I might add that training someone in Java security bugs is not always applicable for a Java Spring developer. Secure coding is simply different in every language, even up to the framework level. In our mission to empower all developers to become security superheroes, we won’t overlook a valid computer language that is still in use at some of the world’s most targeted and critical facilities. Exploring our platform, you will find modern, hands-on challenges and training relating to COBOL offered alongside some of the most modern programming tools available today, like Google’s Golang. This flexibility ensures that training is relevant to an individual and contextual, mimicking their work environment for maximum engagement and effectiveness. After all, building a robust security culture is paramount in the fight against cyber threats, so training should be practical (and fun, of course!). We want our industry to get to the stage where it doesn’t matter if security threats are made against systems running aging languages, or against the most modern mobility apps. We want every developer to be armed with the best information about those vulnerabilities, the tools and techniques used by attackers to exploit them and how to stop them cold. We will never surrender or waver in the face of cybersecurity threats.
DEVOPS WATCH
CollabNet VersionOne positioned to create DevOps initiatives for large enterprises
BY JAKUB LEWKOWICZ
Following its recent investment from TPG Capital, CollabNet VersionOne plans on using its new $500 million to expand partnerships and create comprehensive solutions that drive AI and value stream management (VSM) throughout enterprises. VSM solutions allow companies to capture, create, deliver and measure the flow of business value throughout their application development life cycles, a core component of today’s DevOps-centric work environments. CollabNet VersionOne CEO Flint Brenton explained that ever since the company pioneered VSM, its growth rate has gone up dramatically. “To take us to the next phase of our growth and evolution, we needed a new partner … it was really time to find a growth-oriented partner like TPG to take us to the next level,” Brenton told SD Times. CollabNet noticed that the DevOps market is fragmented today and saw an opportunity to advance Agile and DevOps at scale by building a platform for enterprise customers. The primary focus for CollabNet continues to be on medium to large enterprises that are committed to digital transformation and have a need to scale agile, according to Brenton. “Scaling agile to us means tying what the team is doing to the enterprise to the strategy coming out of the C-suite. It means allowing them to use world-class version control with our Git offerings and then automate the production,” Brenton said. “It’s really going to be taking people that want to scale Agile that haven’t gotten there yet and need a platform like ours to do it right.” TPG and CollabNet said they will work together to build on the company’s enterprise software success through organic investment and strategic acquisitions. “We have a few gaps that we could fill organically and there are a few gaps that can be filled inorganically through acquisitions. So it’s really on the right side of the need we’re going to expand,” Brenton said, adding that the partnerships will target areas that CollabNet would “never be able to get to in its organic development in our lifetime.” One such area that the company is targeting for acquisitions is application release automation, which refers to the process of packaging and deploying an application or update of an application from development, across various environments, and ultimately to production. Brenton said that this is a hot market that CollabNet is not currently active in, but added that he sees demand for it from CollabNet customers. CollabNet’s current core offerings include VersionOne for enterprise Agile planning and management, the VS value stream management platform for connected workflows and visibility throughout the entire delivery value stream, and TeamForge for enterprise-scale source code management and application life cycle management. It also includes the recently released Ossum, a SaaS DevOps offering that integrates and streamlines software development from idea to release. “One of the things that works really well about our VSM model is it doesn’t have to be all of our product,” Brenton said. “We’ve got a very strong set of connectors that work out of the box. We integrate with what people need to use in their own business to build software. And we act as a unifying workflow for the enterprise and then we try to extend that reach beyond development into the functional departments.”

In other DevOps news…
• GitLab announced that it acquired $268 million in Series E funding, bringing the total valuation of the DevOps platform to over $2.75 billion. The company plans to use the funding to add key features in monitoring, planning and security to further develop its platform, as well as expand its workforce.
• Quest Software announced updates to Quest Toad for Oracle, its database management toolset. The new release tackles DevOps challenges by giving database developers the ability to manage their growing database environment and helping development teams better understand code constructs, reduce risks and simplify code maintenance.
• Data Theorem announced a new single-page application (SPA) security server designed to provide automated discovery and continuous runtime vulnerability inspection of modern web single-page applications. According to the company, DevOps teams are rapidly building web SPAs, but lack the ability to gain insights and inspect security vulnerabilities.
• Split Software is adding feature monitoring to its feature delivery platform in order to give DevOps teams the ability to detect errors and react faster. According to the company, the new capability will enable teams to securely release new features, target features to customers, measure the impact of features, and observe key performance indicators.
Evaluating if serverless is right for you
BY CHRISTINA CARDOZA
The allure of serverless is attracting a number of businesses and development teams. A recent report from the Cloud Foundry Foundation revealed 51 percent of respondents are either using or evaluating serverless, with 18 percent of them doing it at scale. For businesses, it is about an on-demand price model as opposed to upfront costs. For development teams, it is about removing operational complexity and focusing on what really matters, which is the code. “Managing infrastructure is an incidental complexity. You only do it because you have to. It doesn’t make much business sense to manage infrastructure. By being able to move to a more pay-as-you-go style, you are removing responsibility, worry and operational complexity,” said Viktor Klang, deputy chief technology officer at Lightbend, a cloud-native microservices platform company. But serverless isn’t just a ‘set it and forget it’ solution. It is a different model and a different way of thinking, and businesses have to look beyond all the flashy benefits to evaluate if moving to serverless makes sense to them, according to Chris Parlette, director of cloud solutions for the cloud services company ParkMyCloud. “It has its use cases, but it is not going to solve everything, and I don’t think it is a perfect use case for everything you are trying to do. It is important for enterprises and large organizations to evaluate it as an option, but it is just another option. It is another tool in the toolbox,” he said.
Taking a deeper look into serverless
Serverless has become very attractive because it is the next abstraction of technology, according to Tolga Tarhan, chief technology officer for the cloud-native managed services provider Onica. In the past, teams would put servers in data centers. Then a couple of years later they started using virtual machines for everything. A couple more years later, they started moving to the cloud as the next step away from buying and maintaining hardware. This is the next step in that journey, Tarhan explained. With serverless, development teams no longer have to worry about the operating system or virtual machine at all. They just have to make sure their code is running at the right time. “They don’t really care about all the noise around an operating system: patching it, securing it, managing it, configuring it...all that falls away. Instead they just write the code they need for their use case and write it up to the right events,” said Tarhan. “It reduces complexity and costs. You are not paying for servers that are idle. You are only paying for the milliseconds you are using compute resources, and it frees up more of a developer’s and development team’s time for feature development.” However, the cost benefits can also be misleading. According to Parlette, there can be some hidden costs if you don’t understand where or how to use serverless, and that can become very expensive. Serverless also makes you dependent on your cloud provider since they are the one that controls the resource provisioning and responsibility for the back-end infrastructure. The good news is that as more businesses start to use serverless, there is more data around what exactly it is going to cost and what the ongoing maintenance for a serverless environment actually looks like. For instance, “if there are huge spikes in traffic, you can now understand what it means. If there is flat traffic, you can evaluate it more. It is an apples-to-apples comparison with a more traditional server model,” said Parlette.
Being smart about how you implement the architecture

The best time to use serverless is when you are starting new applications from scratch, using a microservices-based approach where you have small services and chunks of code that are not interdependent on one another; and running infrequently used scripts that don’t need to be constantly running on a server, according to Parlette.

Parlette explained he wouldn’t suggest taking existing applications or monolithic applications and moving them to a serverless approach. “I wouldn’t rewrite a whole application just to use serverless without at least doing a lot of evaluation of the ROI on that. The reason I say that is because a lot of times you are sitting there rewriting your application, you are not making any forward progress. You are not implementing new features. You are not pushing the ball forward,” he said. If you are spending all this time rewriting apps just to run on a different back end, the customer is not getting any beneficial use out of it. “Just rewriting something for the sake of using serverless doesn’t make sense,” Parlette added. Because of this, he does not see traditional servers being completely replaced by serverless architecture any time soon.

However, Onica’s Tarhan explained that serverless shouldn’t be looked at as a migration path. Instead, it is a green field, net new application development option or a major refactor. “You might be able to reuse some of the code, but you are going to do some serious surgery to your application,” he said.

“The question is more about value,” Lightbend’s Klang added. “What is the investment of making the transition for a specific piece of technology and what is the cost of just integrating with existing solutions? You always need to make that decision on a case-by-case basis.”

According to John Graham-Cumming, chief technology officer for the internet security and performance company Cloudflare, application architecture is going to move from a two-tier client-server approach to a three-tier approach. Graham-Cumming explained that by adding a third tier, or middle ground, businesses will be able to get closer to the user, have lower latency and be much more interactive. This third tier is on the edge in a serverless platform. Since serverless enables application code to be able to run from anywhere, it makes it possible for code to run on edge locations. Edge computing allows development teams to bring computing as close to the source of data as possible. This is important to reduce latency and bandwidth use, which can sometimes be a problem in serverless. “The edge is very fast and has great connection to the Internet,” so it eliminates any noticeable delays, Graham-Cumming explained.

“People think serverless is only for some tiny point of their application or a little bit of configuration, they are not yet fully appreciating that what is happening here is a fundamental change in how applications get built and what we will see in the future is people thinking about the three-tier application,” he said.
Serverless vs. containers

Serverless and containers are both software architecture design choices, which causes a common misconception that it is either one or the other, according to Chris Parlette, director of cloud solutions for the cloud services company ParkMyCloud. “A lot of people put serverless against containers, but there is room for both,” he said.

There are three main ways to set up your architecture when it comes to the cloud. First, there is a traditional server approach where you run a virtual machine. Then there is the container approach where you have isolated environments in which you run individual applications or individual services. And then the third model is serverless, where you have hosted database services running for you instead of having to install them yourself. Parlette explained that you don't have to just pick one of the three, but there can be a mix and match.

In fact, Tolga Tarhan, CTO at cloud-native services company Onica, believes a full cloud-native story involves both serverless and containers working together. “Serverless is often a major component in how we define cloud native. The main definition we are going for is leveraging the higher value, more managed services from the cloud vendor as opposed to leveraging just virtual machines in the cloud,” he said. “Containers and serverless together can address just about every use case moving to the cloud today, but either one by themselves isn’t the whole story,” he said.

For instance, if you have an existing microservices architecture, it makes more sense to keep those services on containers. However, if you are building new microservices, you can start to move to a serverless approach, he explained. Additionally, Tarhan said you can split your microservices into both containers and serverless architecture. “Let’s say you have 20 microservices and three don’t fit serverless very well, then you can use containers for those three and do serverless for the other 17,” he said.

Serverless works very well in small discrete tasks, or large applications that are made up of small discrete parts, according to Cloudflare’s CTO John Graham-Cumming. Where containers come in is if there are more complex requirements, access to a lot of data or developers are writing in a language that serverless platforms don’t support yet. Then the challenge becomes having to manage both types of environments and knowing how to deploy, adhere, maintain and scale both. “I don’t think that is an unreasonable tall order, but it is added complexity to mix and match,” said Tarhan.

Areas where serverless might not make more sense over containers include portability between cloud providers, hybrid cloud solutions, and legacy systems with long running connections. “There are still going to be classes of applications where you want more control, and there is also value to be had in more de facto standard for operationalizing code in a cluster,” said Viktor Klang, deputy chief technology officer for the cloud-native company Lightbend.

Serverless 2.0

One of the areas that serverless does not work well in is where your application is stateful. Serverless applications, or functions as a service, are intended to be stateless, meaning they hold no memory, according to Lightbend’s Klang. As an example, if you are doing an image resize function that takes the image in and emits a resized version of the image, it doesn’t matter if there are a billion images being resized in parallel because they are not interdependent on each other. But, if your application is stateful and needs memory in order to know what to do and how to do it, having functions activated at the same time using the same memory doesn’t work in a serverless world, Klang explained.

“You get a contention on storage. Can functions be processed in parallel or not, and if they do, will the result still be true because another function could have updated that information before the other one could continue or see the change. Another way to look at it is thinking about a shopping cart. If you are an online store, you want your customers to be able to have a consistent view of their shopping cart no matter the device they are shopping on. If they make a change on their phone, you want them to be able to see that change when they log into their computer.

“In order to facilitate that, you need state. You need to manage what is inside that shopping cart and that is something which has clear consistency requirements, but also you have more possible potential points of entry to your state,” said Klang.

How businesses have traditionally tried to get around the issue is to push the problem into the database, but that just creates more issues. “Whenever you have multiple function activations against the same piece of information, you wrap each in a database transaction to deal with resolving conflict, but the problem with that is the contention part because now the database has to be responsive to do the transaction coordination,” said Klang. “It also means you have to figure out how to scale out your database, know which data is where, and coordinate access to that data if you split it up.”

Lightbend wants to address this with the release of its open-source project, CloudState. “Bringing stateful microservices, fast data/streaming, and the power of reactive technologies to the cloud-native ecosystem breaks down the final impediment standing in the way of a serverless platform for general-purpose application development, true elastic scalability, and global deployment in the Kubernetes ecosystem,” said Jonas Bonér, chief technology officer at Lightbend.

CloudState tries to address the state serverless problem by having the state pass into the function instead of the function accessing the state. “What CloudState does is it makes sure that only one activation for that same piece of information is being handled at once,” said Klang. “If you let the database management system deal with the coordination, then once you start scaling out your functions you are actually increasing contention in the database. People think by parallelizing the load they are going to be able to do more, but they are actually only able to do less because it is going to wait to get IO. Coordination takes longer the more things are actually contending for something. By having this data and the data access being handled separately, we can figure out if the database is the bottleneck or if it is the function processing that is the bottleneck, and then making a scaling decision becomes so much easier.”

Currently CloudState targets common stateful use cases such as training and serving machine learning models, low-latency real-time prediction and recommendation serving, user sessions, distributed transactions, shared collaborative workspaces, and workflow management.

“Stateless functions is a great tool that has its place in the cloud computing toolkit, but for Serverless to reach the grand vision that the industry is demanding of a Serverless world while allowing us to build modern data-centric real-time applications, we can’t continue to ignore the hardest problem in distributed systems: managing state—your data,” according to the CloudState website.
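The shopping-cart contention Klang describes in the Serverless 2.0 section, and the "one activation per piece of information" model attributed there to CloudState, shown as an added Python sketch. This is not code from the article and not CloudState's API; `Store`, `EntityDispatcher`, `add_item` and the sample commands are hypothetical names constructed for illustration.

```python
import asyncio
from collections import defaultdict

# Constructed sample workload: three activations add items to the same cart
# ("alice", e.g. phone and laptop sessions) while "bob" shops independently.
COMMANDS = [
    ("alice", "phone-case"),
    ("alice", "charger"),
    ("alice", "headphones"),
    ("bob", "laptop"),
]


class Store:
    """Stand-in for the external database behind the functions."""

    def __init__(self):
        self.carts = {}

    async def read(self, key):
        await asyncio.sleep(0)  # yield to the event loop, like a network round trip
        return list(self.carts.get(key, []))

    async def write(self, key, items):
        await asyncio.sleep(0)
        self.carts[key] = list(items)


async def stateless_add(store, key, item):
    """Function fetches state itself: read-modify-write with no coordination."""
    items = await store.read(key)
    items.append(item)
    await store.write(key, items)  # overwrites whatever a concurrent activation wrote


def add_item(state, item):
    """Pure handler: the state is passed in and the new state is returned."""
    return state + [item]


class EntityDispatcher:
    """Hypothetical dispatcher: at most one activation per entity key at a time.

    Activations for different keys still run concurrently.
    """

    def __init__(self, store):
        self.store = store
        self.locks = defaultdict(asyncio.Lock)

    async def activate(self, key, item):
        async with self.locks[key]:
            state = await self.store.read(key)
            await self.store.write(key, add_item(state, item))


async def _uncoordinated():
    store = Store()
    await asyncio.gather(*(stateless_add(store, k, i) for k, i in COMMANDS))
    return store.carts


async def _dispatched():
    store = Store()
    dispatcher = EntityDispatcher(store)
    await asyncio.gather(*(dispatcher.activate(k, i) for k, i in COMMANDS))
    return store.carts


def run_uncoordinated():
    """All activations read the empty cart first, so updates overwrite each other."""
    return asyncio.run(_uncoordinated())


def run_dispatched():
    """Activations for one cart are serialized, so every update is kept."""
    return asyncio.run(_dispatched())


if __name__ == "__main__":
    print("uncoordinated:", run_uncoordinated())
    print("dispatched:   ", run_dispatched())
```

Wrapping each `stateless_add` in a database transaction would also prevent the lost updates, at the cost of the database-side coordination the article describes.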
By David Rubinstein

Software testing ain’t what it used to be. That’s for sure. The days of waiting for a software release incorporating new features and bug fixes to be locked down so it could be “thrown over the wall” to test/QA teams to validate are long gone. We now see organizations releasing software multiple times per day, all of which have to be tested for functionality, and to make sure they don’t break the application. Some changes could be in a monolithic application, some might be in microservices and still others are to applications running on mobile devices.

These changes in how we develop have led to a sea change in how we test. Today, automation is critical, and testing has “shifted left” to be done much earlier in the development process. It’s daunting, but with the right processes and tools, your testing practice can not only keep up with development but can also help you release better quality software at this quickened pace. This showcase is a guide to some of the companies providing testing tools, as each comes at the challenges from a different perspective. We hope you find it useful.
SOFTWARE TESTING SHOWCASE

Test Automation at the Speed of DevOps

By Lisa Morgan

Remember the old adage: “Speed, Cost, Quality — pick any two?” This tradeoff is no longer an option. With digital transformation initiatives driving DevTest teams to scale Agile and adopt DevOps, all three vectors must be addressed. This requires a fundamental shift in how you approach testing. It’s not a matter of acquiring more or better tools; holistic process transformation is required. That’s why Tricentis defined “continuous testing” and developed the industry-leading continuous testing platform.

Organizations turn to Tricentis to make a fundamental process change in their testing process while lowering business risks and accelerating software delivery. Tricentis’ intelligent model-based approach ensures the reliability, flexibility and actionable insights companies need to accelerate and automate the most demanding delivery cycles. “Continuous testing ensures that the right stakeholders have access to the right information at the right time. You can execute automated testing as part of the software delivery pipeline and obtain immediate feedback on the business risks associated with a software release,” said Wayne Ariola, chief marketing officer at Tricentis.

Tricentis is among the 2019 SD Times 100 for its leadership in the Testing category and has also been recognized as a “leader” by Forrester, Gartner and IDC. Its continuous testing platform enables organizations to achieve more than 90 percent test automation, 5X or better speed increases and more than 80 percent risk coverage. Tricentis’ successful enablement of continuous testing is further reflected in its 80 percent annual growth rate and over 1,600 global customers. In addition, Tricentis enjoys the largest software distribution among global systems integrators.

SCALED AGILE, DEVOPS NEED CONTINUOUS TESTING

Agile success is easier to achieve with a small project that involves just a web interface. However, as Agile projects scale, the underlying architecture and the necessary testing strategies become more complex. While risk mitigation strategies tend to include shift-left and shift-right, what’s really needed is continuous testing throughout the life cycle, especially as teams advance to DevOps. “When you scale Agile, you recognize that you need to radically alter the traditional testing processes. When you move to DevOps, those processes must again scale to an entirely different level of automation,” said Ariola. “As you move down the DevOps path, eventually, you conclude that continuous testing must be executed within the contexts of business objectives and business risks — not just ‘siloed application test results.’ ”
Scaled Agile and DevOps break down when speed and quality imperatives are out of sync. A symptom of that is approaching continuous testing from a tool perspective rather than a process perspective. The former creates process friction while the latter alleviates it. “You need holistic process transformation to achieve business transformation and DevOps transformation goals,” said Ariola. “A ‘chasm’ that often plagues organizations is the gap between a small team of brilliant, technical people who succeeded with an Agile or DevOps pilot and the larger population necessary to affect scaled Agile or DevOps which is more diverse.” For a small project with a simple architecture, Selenium scripts or free Selenium-based tools work well. However, when Agile and DevOps scale, the underlying architecture becomes more complex necessitating intelligent, end-to-end continuous testing processes.
IMPROVE USER JOURNEYS AND LOWER BUSINESS RISKS

Consistent user journeys have become more important than individual component outcomes, so software teams need a means of ensuring quality that doesn’t slow value delivery. “Transformation conversations are tightly aligned with business objectives because companies understand they’re competing with digital natives who are disrupting entire industries,” said Ariola. “Software teams adopted CI to execute builds faster and more consistently. More recently, they’re adopting CD to package and ship quickly and automatically. What’s missing is the governance that can ensure quality across the end-to-end user experience. This is enabled through continuous testing.”

Instead of asking whether testing is “done” yet, organizations should ask whether a release reflects an acceptable level of risk. To achieve that, software teams need to understand what they’re going to release, when they’re going to release it, the level of acceptable business risk and how they’ll measure success. Using Tricentis, Agile and DevOps teams can measure and govern risk, as well as quickly define and update tests across the architecture. Its model-based testing capabilities propagate a change throughout an entire test suite automatically.

“Tools don’t solve the problem of testing at scale; process transformation does,” said Ariola. “Tricentis allows you to focus on the holistic problem of end-to-end continuous testing using a business risk approach. We support over 160 different technologies so you can achieve the resiliency, speed and success you seek at scale.”

Learn more at www.tricentis.com.
Top UI Testing Tools for Selenium Users

BY CHRIS COLOSIMO, product manager, Parasoft

UI testing is relatively straightforward, as long as nothing changes. But the problem is, web UIs change all the time. Many new UI testing tools have come to market in the last few years, but only a handful tackle this problem without forcing the user to abandon Selenium to adopt a new, proprietary platform.

KATALON

For a free tool, Katalon does quite a lot. Its recorder plugs into the Chrome browser so you can generate test cases, and then the tool builds them in the Katalon IDE using the page object model, so they are highly maintainable.

Pros:
• Recommends smart locators
• Uses the page object model
• Has a self-healing capability (paid plug-in)

Cons:
• Although you can export your tests as Selenium, once you’ve exported you lose all the usability of Katalon, and the export doesn’t include the page object model, so the tests become hard to reuse and maintain
• Their expensive customer support is only available at the enterprise level
• Doesn’t directly integrate into your existing execution framework (uses a proprietary framework, CI integrations are available as plugins)

Key takeaways: Users can start using Katalon with limited technical knowledge, creating test cases quickly, thanks to the keywords in the program. It’s free to use Katalon Studio to test your Web and Mobile applications, but to get the benefit of some of those exciting innovative technologies, you’ll have to upgrade or purchase paid plugins.

PARASOFT SELENIC

Parasoft Selenic enhances an existing Selenium testing practice by adding AI-powered locators and self-healing. Integrating directly into your existing CI/CD pipeline, Selenic analyzes the Selenium tests at runtime, and if a failure is detected (e.g. due to a bad locator), it will self-heal the test and provide recommendations on how to fix the test for future runs. Selenic’s recorder for Chrome generates pure Selenium tests that leverage the page object model for maximum maintainability.

Pros:
• Creates Selenium tests that use the page object model
• Executes self-healing on Selenium tests at runtime
• Integrates directly into your CI process

Cons:
• No free version (just a free trial)
• The current version only supports Java, JUnit 4 and Eclipse

Key takeaways: AI-powered recommendations on existing Selenium tests make it easy to add this solution to your existing Selenium practice and gain significant value. One of the only tools that comes with enterprise-level customer support.

RANOREX WEBTESTIT

Webtestit is a new offering from Ranorex. It’s pure code, with a “design first” approach vs. record-and-playback. You can interact with your user interface and build your scripts through helper actions in their proprietary IDE. It's still a little unclear where Ranorex Studio stops and Webtestit begins, but this should become clearer over time.

Pros:
• Uses the page object model for test creation
• Recommends locators through their Selocity Chrome plugin which is available for free
• Great helper actions during test creation within the IDE

Cons:
• No recording functionality
• Proprietary IDE — developers have to ditch their IDE of choice
• Just a solution for test creation — no analysis at runtime, or self-healing capabilities

Key takeaways: Organizations looking to have an assistive tool for code creation will likely find this solution useful. Without record-and-playback, users are encouraged to build from the bottom-up rather than top-down. In combination with their Selocity Chrome plug-in, users can draw out pages as objects and import them into the Webtestit tool, making it very friendly for those looking to use the page object model.

SELENIUM IDE

Selenium IDE is an open-source project that harnesses the power of Selenium in a Chrome plugin. Getting started with Selenium IDE requires no additional setup other than installing the extension on your browser, aligning with the project’s driving philosophy of providing a tool that’s easy to use and gives instant feedback.

Pros:
• Users can export any created test into a script, making it a powerful tool for UI test creation
• Offers multiple locator strategies for each element it records
• Has a self-healing feature (but doesn’t work on Selenium scripts outside of the Selenium IDE)

Cons:
• Does not fit directly into your CI/CD process
• A black box (when something doesn’t get recorded, you have to export to code to figure out what’s going on)
• Doesn’t use the page object model when building tests

Key takeaways: The Selenium IDE is simple to use, giving users the ability to rapidly create tests against their Web UIs. It will feel natural for those accustomed to the framework, but it’s still an evolving open-source project and not always reliable.
Mobile Labs Right-Sizes Testing

By Lisa Morgan

When it comes to mobile app testing labs, one size doesn’t fit all. App team sizes differ, as do app requirements and team preferences. Recognizing that, Mobile Labs recently announced three different solutions for teams just getting started with testing, enterprise teams and teams that need real-time testing capabilities. “The biggest testing challenge in the mobile space is the pace of change across devices, operating systems and apps,” said Angela Culver, chief marketing officer at Mobile Labs. “Companies, particularly in retail, realize that mobile apps help them increase product-related revenue. The competitive environment has become so fierce, they’ve moved to agile and DevOps releases, but from a brand standpoint, they can’t sacrifice app quality for delivery speed.”

Delivering apps with high confidence requires testing on actual devices, since simulators and emulators fall short. With Mobile Labs’ GigaFox mobile testing lab with hosted and on-premises offerings, Agile and DevOps teams can choose the option that best meets their needs while enjoying the freedom to use their choice of DevOps, build, automated testing and manual testing tools and processes. All GigaFox offerings centralize testing in a private hosted environment or behind a firewall, so distributed teams don’t have to buy devices for one location and ship them elsewhere.

GIGAFOX STARTERKIT

GigaFox StarterKit is the most basic version of Mobile Labs’ GigaFox secure mobile device lab. Teams get instant access to five dedicated iOS and/or Android devices via a monthly or annual subscription. The service is also available as an on-premises solution for those who prefer to test behind a firewall. “GigaFox StarterKit offers many of the same benefits the higher GigaFox subscription levels deliver, but it’s geared toward smaller teams and teams that are just getting started with mobile testing,” said Culver.

GigaFox StarterKit includes 24x7 access to private, dedicated devices, real-time manual testing and built-in Appium test automation, all of which are available in Mobile Labs’ enterprise-level GigaFox Red, but in a smaller, nimbler footprint. GigaFox StarterKit also provides the speed and superior performance of GigaFox Red but with fewer devices available for testing.

GIGAFOX RED

GigaFox Red, formerly called deviceConnect, is for enterprise teams that want to test multiple apps across multiple platforms, operating systems and device types. Available as an on-premises offering only, GigaFox Red is a secure mobile testing lab that provides instant, real-time access to devices to team members anywhere on the globe. “GigaFox Red is our main enterprise offering,” said Culver. “Customers use it for manual and/or automated testing, using built-in Appium or other commercial and open-source testing tools including Tricentis, Eggplant, Micro Focus, and Ranorex. It also supports Jenkins and other build systems.”

GigaFox Red brings private cloud benefits to development, DevOps, and testing workflows. It integrates seamlessly with a customer’s network, giving teams complete control of performance, security and assets. Anchored behind corporate firewalls, GigaFox Red is a high-performance, small-footprint mobile device testing lab that houses iOS and/or Android smartphones and tablets in a single, lockable cabinet.

GIGAFOX SILVER

GigaFox Silver is a secure mobile testing lab that provides team members anywhere in the world with instant, real-time access to devices. As a hosted or an on-premises solution, GigaFox Silver can reside behind corporate firewalls or inside Mobile Labs’ secure data center. Either way, GigaFox Silver provides access to more iOS and Android smartphones and tablets than GigaFox Red. Like the smaller versions of GigaFox, GigaFox Silver includes Appium automated testing and supports all build and DevOps tools as well as manual and automated testing tools and processes.

“One thing that differentiates GigaFox Silver is the Graphics Extension Manager (GEM). It can handle streaming games or other rich content experiences that need to be tested in a real-time environment,” said Culver. “Real-time speed anywhere in the world is another differentiator. We optimize bandwidth so team members regardless of their location can have the same experience. If there’s an absolute requirement for no lag time, GigaFox Silver is for you.”

GEM adds new levels of real-time smoothness and responsiveness to hosted cloud devices, so teams can avoid the delays and choppiness that degrade the effectiveness of rich content testing. With GigaFox Silver, enterprise mobility teams are empowered to deliver superior user experiences that distinguish their apps, products and brand.

For more information visit www.mobilelabsinc.com.
Eggplant Uses AI to Keep Users Happy, Drive Value

By Christina Cardoza

Everyone wants to test faster and cheaper, but they forget about testing smarter in the process. A recent report from the test automation company Eggplant found improving customer experience is the number one priority for organizations, but almost half of businesses are having trouble testing for real user experience. The research also found that business leaders and development teams are misaligned when it comes to testing strategies. For instance, teams prioritize the productivity of testing more than the business, and the business is more focused on improving the usability of the product than IT teams.

“To accelerate digital transformation, business leaders must recognize that delivering the best customer experiences hinges on the quality of their software. The way organizations build and test software can improve, or hinder, customer experience and overall business outcomes,” the Eggplant report stated.

VERIFICATION VERSUS VALIDATION

The traditional way of testing was to think of testing in terms of verification and validation, according to Antony Edwards, COO of Eggplant. Verification looked at whether or not the software did what it was supposed to do while validation looked at whether it was what users actually wanted. What happened was testers thought they could start with verification because that seemed easier to obtain, then once verification was in place they would move onto validation. However, as a result testers lost sight of user expectations and focused just on testing that the software worked.

“No one can write specifications of sufficient details that really predicts everything a user might care about, and as a result of that you have testing teams becoming more technical, which takes them away from the users and problem domain,” said Edwards. “Testers decided they would rather focus at a very low level of detail on technology matters, looking at verification and compliance.”

However, Edwards explained if you ask users what they look for in a product, they care about performance, usability, accessibility and design — and that is what testers should be worried about. “As software becomes a key part of businesses and as business almost becomes digital products themselves, all those factors around usability, performance, accessibility as well as functionality just massively drive that user experience,” said Edwards. “Companies need to understand that and test teams can’t just say we are just focusing on making sure the functionality complies with the specification.”

WHERE AI AND EGGPLANT COMES INTO THE PICTURE

An AI-enabled continuous test automation solution can help deliver higher quality software more quickly. Testing is full of data. Businesses have access to data on all the test runs that were ever done, what the results were, what products shipped, and what defects were found after the testing — yet they aren’t properly utilizing any of this data. According to Edwards, machine learning is a great way of identifying how technology factors actually impact users, and that information can then be brought back into your development and testing. Eggplant is designed to auto generate tests, select which tests to run and decide what failure looks like.

“When people say they have automated 100 percent of their testing, it is a bit of a misnomer because what they actually automated is test execution,” said Edwards. “If you still have people designing tests, writing test scripts, maintaining test scripts, setting up environments, creating test data, reading test results, debugging tests, and deciding what tests to run, then you really haven’t automated testing. You’ve automated test execution.”

With AI, Eggplant is able to look at the application, code, APIs, user interface, user behavior, production data and start to understand how it all influences business aspects and what tests to run. “AI is great at taking a huge search space and then condensing that down and focusing on things you care about,” said Edwards. “That is what we do. The company can generate billions of test cases for users to run, look at the code, decide where the risks are, look at the testing and results already in place, look at the changes, look at who made the changes and decide what is important. What users end up with is a continuous and automated approach to software that improves business outcomes, aligns with what the customer wants, and delivers continuous digital improvement.

“People are making software for a purpose, and Eggplant is all about how do we help people make software that delights users and drives the user outcomes,” Edwards added.

Learn more at eggplant.io.
ProdPerfect Removes the Burden of QA Testing
By Christina Cardoza
There are typically three levels of quality assurance testing maturity. One is the classic waterfall approach where it takes weeks to get a deploy ready. Then, there is the continuous development and continuous delivery approach where QA engineers are put in place to handle automation. The most mature way of tackling QA is removing QA engineering as a separate practice, and making all your engineers responsible for the quality of features. The problem is that none of these levels of maturity seem to be able to get QA right.
“No one has a good answer. Enterprises are failing in waterfall structures. Agile teams are failing or running into difficulty hiring and maintaining QA engineers. Silicon Valley is having to hire only the most senior folks, and even then it is through force of will and pain they are able to keep test suites to a point they are happy with,” said Dan Widing, founder and CEO of the automated QA testing provider ProdPerfect.
AUTOMATING QA
There is a better way. ProdPerfect removes the struggle it takes to set up a QA engineering department, and automates QA testing using live user data. This is “dramatically cheaper, dramatically faster, gets you a result faster, [and is] going to nearly guarantee that you catch bugs as part of your process,” Widing explained.
ProdPerfect is able to obtain live user data by analyzing web traffic and creating flows of common user behavior. That behavior is then built into an end-to-end testing suite that ProdPerfect maintains, expands and updates based on actual user data over time. According to Widing, QA testing is “incredibly difficult, painstaking work that almost tends to be underappreciated by the organization itself,” and the folks who are having to deal with this are just overburdened with work.
“We have a mechanism that lets us shake out the environment the customer needs us to test against… and then we are using a testing framework that lets us plug in our learnings from these steps to produce an automatically updated test suite,” he continued. “The experience the customer gets is a black box QA engineering department... What you get at the end is an autoupdated test suite that can run continuously in your CI system that just tests your application.”
ProdPerfect covers every core workflow with applications, provides 95 percent or more of test stability, less than four-hour regeneration of broken tests, and less than 48-hour test coverage for new feature sets. “You don’t need to do anything to build, maintain, or expand the testing suite. We got it. You need to respond to bug reports, of course, and keep a stable testing environment up and running for us, but that’s all. Very frequently people call this ‘magic’ or ‘too good to be true,’” the company stated on its website.
GETTING THE RIGHT METRICS
ProdPerfect not only works to ensure QA testing is covered, but also works to help teams understand what the right metrics to quantify success are. “That is something we put into our service every step of the way. What your browser automation should be doing is catching as many significant bugs as possible whatever stage it is testing at and then otherwise staying as much out of the way,” said Widing.
You will know you have a solid testing foundation in place when you don’t ship a fire drill-style bug and have to wake up in the middle of the night and figure out how to deal with it or who is on top of it, Widing explained.
Since ProdPerfect is already analyzing what users are doing, it can project how things should be working and make sure they stay working. The solution tests features continuously, detects any significant bugs and verifies the feature set is actually working. “We aim to stay out of the way by crafting what are the other metrics that are important to make sure you are not slowing down the software team,” said Widing. Additionally, the solution will measure against minimum-frequency thresholds to confirm its performance.
“If you don’t set up your design and data strategy or set up the right tooling, everything falls apart and you have to work particularly hard to make sure all the pieces work together otherwise any singular improvement is not going to help you at all,” Widing said.
Learn more at ProdPerfect.com.
Perfecto: Continuous Testing at Scale
By Lisa Morgan
DevOps teams need to deliver high-quality web and mobile software quickly to satisfy end customers and keep their employers’ businesses competitive. But it can be difficult to assure product quality when the target devices are undergoing software and browser updates themselves. Testing remains a DevOps bottleneck because there isn’t enough testing and quality assurance talent available to achieve quality at scale, especially when app updates are being delivered every week or every day. Using Perfecto’s cloud-based continuous testing service, software teams can achieve their release velocity and quality targets consistently using their existing talent.
“One of the things customers like about Perfecto is its flexibility,” said Eran Kinsbruner, chief evangelist at Perfecto by Perforce. “You can write Selenium or Appium scripts to automate tests or you can use machine learning to automatically create tests based on smart and maintainable script recording and playback.”
With Perfecto, DevOps teams that are building mobile and web apps can easily scale testing as necessary across real devices and desktop browsers they don’t have to buy, configure or maintain. When a coding error arises, Perfecto automatically identifies it so it can be resolved immediately. If a device loses a Wi-Fi connection or a screen locks, Perfecto restores it immediately so continuous testing remains continuous.
THE FOUR CONTINUOUS TESTING SUCCESS PILLARS
The Google Cloud team recently released a report that explains the differences between elite DevOps teams and trailing DevOps teams. The trailing teams’ DevOps practices are negatively impacted by the number of manual activities required to achieve test automation and test coverage. They also have trouble identifying the root causes of issues because they lack visibility into the necessary quality artifacts.
“There are four pillars you need to be successful with continuous testing: Creation, Execution, Lab, and Analysis, or CETA as we call it,” said Kinsbruner. “When you can accomplish that all in one place, software quality and delivery speed increase.”
#1: Creation – DevOps teams should be able to create robust and maintainable test automation that is agnostic to the skillsets in the organization. With Perfecto, anyone on the team can create automated tests.
#2: Execution – Test execution should be orchestrated and able to scale across platforms, browsers and devices, as well as in burst mode. “When you have an important feature you want to release, and you want to identify issues in a very short amount of time or you have a patch for a large system you want to validate quickly, you need instant access to the high number of platforms you’re executing against,” said Kinsbruner. “People who want to test continuously and scale up or down dynamically need a solid execution layer. Perfecto gives you that.”
#3: Lab – Where tests are executed matters. If in-house, hardware, software and browser-related issues arise because each target device manufacturer has its own associated DevOps cycle. Emulators and Simulators don’t help. Perfecto provides a cloud-based lab; there’s no software to install or test environments to set up and maintain. Its lab is also more secure than an in-house environment because test data doesn’t get lost, and there’s no possibility of a side-channel security issue, such as from a smartphone to a desktop.
#4: Analysis – Making sense of all the test data that can be generated at scale is difficult without the right tools. Some Perfecto customers generate more than a million scripts in a full regression cycle — far too many for even a brilliant human to analyze. Perfecto uses machine learning to automatically surface the issues and related artifacts as necessary to resolve the issue. Perfecto also provides users with single-screen access to builds and the tests associated with them, a heat map of issues relating to specific platforms and pass/fail data based on the platforms that were executed. If developers want to drill down into a single test case, they get full visibility into all associated test artifacts including log files, crash reports, HTTP archives, screen shots and video recordings.
“We use machine learning to filter the noise out of the test data, so engineers only have to deal with actual failures,” said Kinsbruner.
LOWER BUSINESS RISKS
Software value and brand image are now synonymous, which is why organizations across industries are racing to deliver apps and features that differentiate them from their competitors. However, they often make tradeoffs between speed and quality that cause customers to complain or churn. Perfecto helps ensure that the user experiences DevOps teams intend to deliver to customers are delivered to customers.
For more information, visit www.perfecto.io.
Featured Companies
■ Eggplant helps organizations put users at the center of software testing to create amazing digital experiences that drive user adoption, conversion, and retention. Our Digital Automation Intelligence Suite interacts with software exactly like a real user to test the true user experience, and auto-generates tests at the UI and API level for greater productivity. Eggplant solutions enable customers to test the full user experience, including performance and usability, managing the test environment and orchestrating large-scale test execution, and generating predictive analytics to understand the impact of a change on users across a wide range of operating systems and platforms.
■ Mobile Labs remains the leading supplier of in-house mobile device clouds that connect remote, shared devices to Global 2000 mobile web, gaming, and app engineering teams. Its patented GigaFox is offered on-premises or hosted, and solves mobile device sharing and management challenges during development, debugging, manual testing, and automated testing. A pre-installed and pre-configured Appium server provides “instant on” Appium test automation.
■ Parasoft’s software testing tool suite automates time-consuming testing tasks for developers and testers, and helps managers and team leaders pinpoint priorities. With solutions that are easy to use, adopt, and scale, Parasoft’s software testing tools fit right into your existing toolchain and shrink testing time with next-level efficiency, augmented with AI. Parasoft users are able to succeed in today’s most strategic development initiatives, to capture new growth opportunities and meet the growing expectations of consumer demands.
■ Perfecto offers a cloud-based continuous testing platform that takes mobile and web testing to the next level. It features a continuous quality lab with smart self-healing capabilities; test authoring, management, validations and debugging of even advanced and hard-to-test business scenarios; text execution simulations; and smart analysis. For mobile testing, users can test against more than 3,000 real devices, and web developers can boost their test portfolio with cross-browser testing in the cloud.
■ ProdPerfect fully automates the development and maintenance of browser-level testing using live user data. ProdPerfect analyzes your web traffic to create aggregated flows of common user behavior, which we build into an end-to-end testing suite that we maintain and expand over time, which kicks off automatically from CI.
■ Tricentis is recognized by both Forrester and Gartner as a leader in software test automation, functional testing, and continuous testing. Our integrated software testing solution, Tricentis Tosca, provides a unique Model-based Test Automation and Test Case Design approach to functional test automation – encompassing risk-based testing, test data management and provisioning, service virtualization, API testing and more.
■ Applause is the worldwide leader in digital quality and crowdtesting. Software is at the heart of how all brands engage users, and digital experiences must work flawlessly everywhere. With highly-vetted testers available on-demand around the globe, Applause provides brands with a full suite of testing and feedback capabilities.
■ Applitools is on a mission to help test automation, DevOps, and software engineering teams release mobile and web apps that are visually perfect. We provide the only commercial-grade, visual AI-based test cloud that instantly validates any application’s user interface in a fully automated manner, across all customer engagement points and digital platforms – using our groundbreaking image-processing stack, developed from scratch in-house.
■ AutonomIQ can discover, ingest, and transform English language artifacts into immediately executable, shareable and manageable Test Scripts. Using deep-learning and AI algorithms, AutonomIQ detects natural language documents and changes, automates and enables self-healing, and provides advanced diagnostics. In real world situations, AutonomIQ has been shown to provide ~90% improvement in speed and quality compared to existing tools and techniques.
■ CA, a Broadcom Company: CA offers next-generation, integrated continuous testing solutions that automate the most difficult testing activities – from requirements engineering through test design automation, service virtualization and intelligent orchestration. Built on end-to-end integrations and open source, Broadcom’s comprehensive solutions help organizations eliminate testing bottlenecks impacting their DevOps and continuous delivery practices to test at the speed of agile, and build better apps, faster.
■ Froglogic is well-known for its automated testing suite Squish with its flagship product Squish GUI Tester, the market-leading automated testing tool for GUI applications based on a wide variety of languages, operating systems and web browsers. In addition, froglogic offers the professional, cross-platform C, C++, C# and Tcl code analysis tool Coco Code Coverage.
■ Functionalize is a cloud-based autonomous testing solution that uses AI and ML to provide intelligent test automation. Our Adaptive Language Processing (ALP) converts test plans written in plain English into fully functional test scripts. It can even use the output of your test management system. With autonomous testing, you now have an intelligent test agent (ITA) supercharging the work of your test and DevOps teams. This ITA is the perfect regression tester – focused, tireless, and driven, but still intelligent. Functionalize turns testing into a competitive advantage when it matters the most – getting to market faster while ensuring higher customer satisfaction.
■ HPE Software’s automated testing solutions simplify software testing within fast-moving agile teams and for Continuous Integration scenarios. Integrated with DevOps tools and ALM solutions, HPE automated testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures.
■ IBM: Quality is essential and the combination of automated testing and service virtualization from IBM Rational Test Workbench allows teams to assess their software throughout their delivery lifecycle. IBM has a market leading solution for the continuous testing of end-to-end scenarios covering mobile, cloud, cognitive, mainframe and more.
■ mabl is the most reliable codeless UI testing service available. mabl enables continuous testing with an auto-healing automation framework and maintenance-free test infrastructure. mabl advances traditional UI testing using proprietary machine learning models to automatically identify application issues, including JavaScript errors, visual regressions, broken links, increased latency, and more.
■ Micro Focus is a leading global enterprise software company with a world-class testing portfolio that helps customers accelerate their application delivery and ensure quality and security at every stage of the application lifecycle – from the first backlog item to the user experience in production. Simplifying functional, mobile, performance and application security within fast-moving Agile teams and for DevOps, Micro Focus testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures with an integrated end-to-end application lifecycle management solution that is built for any methodology, technology and delivery model.
■ Microsoft provides a specialized tool set for testers that delivers an integrated experience starting from agile planning to test and release management, on-premises or in the cloud.
■ NowSecure is the mobile app security software company trusted by the world’s most demanding organizations. Only the NowSecure Platform delivers fully automated mobile app security and privacy testing with the speed, accuracy, and efficiency necessary for Agile and DevSecOps environments. Through the industry’s most advanced static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. NowSecure offers the fastest path to deeper mobile app security and privacy testing and certification.
■ Orasi is a leading provider of software testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology.
■ Progress: Telerik Test Studio is a test-automation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production.
■ QASymphony’s qTest is a Test Case Management solution that integrates with popular development tools. QASymphony offers qTest eXplorer for teams doing exploratory testing.
■ QMetry is a leader in test management, test automation, and test analytics products. QMetry Intelligent Digital Quality Platform is designed for Agile & DevOps teams to build, manage & deploy quality software faster & better. QMetry has the complete agile testing solution with test management, automation, & powerful quality analytics for digital enterprises.
■ Rogue Wave is the largest independent provider of cross-platform software development tools and embedded components in the world. Rogue Wave Software’s Klocwork boosts software security and creates more reliable software. With Klocwork, analyze static code on-the-fly, simplify peer code reviews, and extend the life of complex software. Thousands of customers, including the biggest brands in the automotive, mobile device, consumer electronics, medical technologies, telecom, military and aerospace sectors, make Klocwork part of their software development process.
■ Sauce Labs provides the world’s largest cloud-based platform for the continuous testing of web and mobile applications. Founded by the original creator of Selenium, Sauce Labs helps companies accelerate software development cycles, improve application quality, and deploy with confidence across hundreds of browser / OS platforms, including Windows, Linux, iOS, Android & Mac OS X. Optimized for Continuous integration (CI), Continuous delivery (CD), and DevOps, the Sauce Labs platform is built to handle the most secure data from its customers.
■ SmartBear provides a range of frictionless tools to help testers and developers deliver robust test automation strategies. With powerful test planning, test creation, test data management, test execution, and test environment solutions, SmartBear is paving the way for teams to deliver automated quality at both the UI and API layer. SmartBear automation tools ensure functional, performance, and security correctness within your deployment process, integrating with tools like Jenkins, TeamCity, and more.
■ SOASTA’s Digital Performance Management (DPM) Platform enables measurement, testing and improvement of digital performance. It includes five technologies: mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; TouchTest mobile functional test automation; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data.
■ Synopsys: Through its Software Integrity platform, Synopsys provides a comprehensive suite of testing solutions for rapidly finding and fixing critical security vulnerabilities, quality defects, and compliance issues throughout the SDLC.
■ TechExcel: DevTest is a sophisticated quality-management solution used by development and QA teams of all sizes to manage every aspect of their testing processes.
■ TestRigor is an automated regression testing tool that allows VPs of Engineering and Directors of QA to improve test coverage to 100%, speed up testing schedules by at least four weeks, and increase team productivity by up to 210% – all for less than their entire outsourced QA department.
Analyst View BY ROB ENDERLE
The coming mobile disruption
Rob Enderle is a principal analyst at the Enderle Group.
There are three technologies that not only will massively impact smartphones but are also going to have a major impact on PCs. They are 5G, Wi-Fi 6, and foldable screens. Combined, they should expand what we can do with mobile devices, change the performance limitations that currently define them, and do interesting things to the physical designs we currently view as standards. We haven’t disrupted either smartphones or laptops in some time, and the disruptive wave of tablets petered out but, I expect, will soon have a second coming. Even where we compute is changing with massive shifts to cloud computing expected for desktop applications and efforts like Microsoft’s Virtual Desktop doing what their interesting but failed Continuum offering was never able to accomplish. Of course you could argue that Continuum never really failed; it just had to wait for the cloud and foldable displays to evolve so the concept of Windows on a smartphone could become viable.
5G and Wi-Fi 6
What changed how I looked at these technologies was a presentation from Qualcomm where Cisco came on stage and talked about blending the technologies. Both 5G and Wi-Fi 6 provide wired levels of performance without the wire, and systems with support for both technologies (at least those using Qualcomm components) will be able to dynamically and seamlessly switch between them as needed. Given this level of performance and a cloud OS instance like the Microsoft Virtual Desktop you may not need a full PC, just a way to convert your connected smartphone display and interface into something that is more like a PC. And realize this wouldn’t be a trivial performance boost because virtualized capabilities from all the major cloud providers range from basic desktop capability up to supercomputer performance. This level of performance suggests that a future user just on a connected smartphone or tablet could have access to performance levels that even the most powerful desktop workstation today can’t match. But the issue then becomes how do you take a device designed to be pocketable and grow it to be usable as a PC without destroying its portability?
Foldable Screens
If you take a 13-inch laptop screen, the smallest that the market has purchased in high volume, and fold that screen you get 7.5 inches, which falls into the high range size for smartphones. Granted, it will increase the thickness of the result. The touch interface would still work but you’d also need to rethink the input method. This need to rethink is because if you then include a keyboard and mouse you probably haven’t saved that much space over a thin 13-inch PC. But we are also moving to speech interfaces with younger age groups being increasingly more accepting of products with these interfaces. Combining touch with speech may require a better mounted microphone solution, one that better contains the sound for confidentiality. Our ability to make active noise cancellation is improving, but I have yet to see a solution that fully quiets a speaker talking into their phone. A problem that, given the complaints from workers near talkers in cubicle farms, has needed to be fixed for some time.
While I still think the ultimate disruption will come when we figure out how to do better wearable displays and how to more seamlessly integrate smartphone tech with what will evolve to become a wearable solution, the foldable screen will form a bridge to that expected future. The blend of the high-performance wireless technologies coming to market provides a foundation for a massive hardware change, potentially placing a device that would replace the smartphone at the center of the revolution. What that device is will be defined by the advancements of foldable screens initially and wearable displays eventually as well as the advancements surrounding voice interfaces and related active noise cancellation tech. I think the result will be something very interesting and potentially even more disruptive than the iPhone was. I think we’ll begin to see what that is after Microsoft’s Virtual Desktop redefines just what a PC can be.
I guess that means I should have said there are four or five technologies that will eventually massively impact smartphones and PCs. Go figure?
Guest View BY ONDREJ KRAJICEK
Edge and cloud: A power couple
We’ve all known two great people we were sure belonged together. Their faults and virtues fit as neatly as puzzle pieces. Yet one without the other does not make much sense and will never leverage its true potential. Substitute technologies for people, and you begin to understand the fundamental magnetism between edge and cloud.
The cloud lifted data storage and compute operations out of the on-premises data center and relocated them in somebody else’s bigger, safer, better-provisioned and well-managed facility. Doing that made it possible to share resources and lower costs. The downside is the bandwidth required to move the data back and forth between client and cloud, and the non-trivial latency that needs to be considered. Like any much-traveled highway, the network is subject to traffic jams. Latency is the delay caused by these traffic jams.
The IoT represents an entire universe of dispersed digital devices, virtually all of which generate and/or collect data — the bulk of which requires processing, the faster the better, preferably in real time. These far-flung devices flinging data to the cloud or on-premises data centers to get processed, then — boing — back to the device of origin, are not reliable if there are traffic jams.
Do it on the edge
Here comes the ‘a-HA’ moment. Put the compute power where the devices are — at the edge! Some pundits call it the “shift left.” Others, like Hewlett Packard VP and Fellow Tom Bradicich writes in a recent blog post, “Organizations that adopt edge computing capabilities can enjoy some first-mover advantages in operational efficiencies and new business development.” Business Insider recently reported that an expected 5.6 billion devices will be connected to the edge by 2020 — a rate of adoption that makes the early growth of cloud computing seem leisured in comparison.
You could say the migration to the cloud created some problems that now need to be solved. Today, that means IT teams are busy revising their business infrastructure to close the gap between where data is generated and where and how it’s processed — even, and just as important, what data actually needs to travel, and in what form.
Being in the print management business, Y Soft has long been aware of the distance-from-server problem that can plague distributed infrastructure, as well as the high cost of the servers themselves. In fact, we created the first solution, moving print servers to the edge as far back as 2007. Going forward, this led Y Soft to develop its YSoft SafeQube line of lightweight server alternatives to perform tasks like user authentication, system state monitoring and use analyses at the print site, where it’s processed as metadata that can be transmitted quickly to a company’s cloud or on-premises servers with low impact on network performance.
Ondrej Krajicek is the chief technologist strategist at Y Soft.
Long-term benefits of edge computing
Hardware companies and their embedded software partners are even now hard at work developing chips that will travel, serve and last well beyond the reaches of our planet’s gravity. Healthcare systems that collect patient data like scans and X-rays at distributed locations are working to protect the security of the data and of the systems’ internal networks from intruders. The farther from our server farms our devices travel, the smarter and more robust our deployed devices need to be, the more capable of operating autonomously at the edges of our known world. And “farther” does not have to be far. Never forget that internet connectivity does break. Maybe not often, but when it does, it really hurts.
Meanwhile, closer to home within print infrastructure, we’re sorting out the proper relationship of edge to cloud. Moving computation to the edge has the immediate dramatic effect of eliminating a lot of network traffic and speeding up what remains. If we can get data to the data center intact and in time, that should renew the useful applications of cloud computing. At a guess, those will lean more toward provisioning, managing and storing than to processing. Even in space, we’ll still need 3D printers or whatever type of printing comes next.
Industry Watch BY DAVID RUBINSTEIN
Why our industry must admit #metoo
David Rubinstein is editor-in-chief of SD Times.
Richard Stallman, an industry icon who created the first open-source operating system and has spent his career fighting for free and open software, resigned from his positions at the Free Software Foundation and MIT-CSAIL over remarks he made regarding, of all things, the Jeffrey Epstein case. The blowup occurred in response to a Facebook event urging MIT students to rally against the university accepting anonymous donations from Epstein, an accused sexual predator of young girls — children, actually. Stallman’s comments were in defense of another industry thought leader, the late Marvin Minsky, who was a pioneer in artificial intelligence and cofounder of the MIT AI lab. It is reported that one of Epstein’s girls was directed to have sex with Minsky. While some reports called this a sexual assault, Minsky was never charged with a criminal act. But his guilt or innocence is beside the point of this article. As reported in SD Times and elsewhere, MIT alum Selam Jie Gano published an email in which she said Stallman wrote: “The announcement of the Friday event does an injustice to Marvin Minsky,” Stallman wrote. “The injustice is in the word ‘assaulting.’ The term ‘sexual assault’ is so vague and slippery that it facilitates accusation inflation: taking claims that someone did X and leading people to think of it as Y, which is much worse than X.” He also wrote of the allegations against Minsky: “We can imagine many scenarios, but the most plausible scenario is that she [a young girl] presented herself to him as entirely willing. Assuming she was being coerced by Epstein, he would have had every reason to tell her to conceal that from most of his associates.” Stallman claims media reports mischaracterized his statements and that he was misunderstood, and in his writing said he was sorry for the hurt people feel because of what they believe he said.
SD Times news editor Christina Cardoza reached out to Stallman for comment, and he simply replied: “I urge people to look at my own writing rather than at what other people said I said.” You can Google those writings and decide for yourself. But, that Stallman even wrote this in this #metoo environment shows he clearly is not ‘woke’ to what’s happening in workplaces across the country. Harvey Weinstein. Matt Lauer. Sen. Al Franken. Supreme Court Justice Brett Kavanaugh. And Epstein. You may agree that some of these men deserved punishment that never came, or that some were punished for behavior that didn’t rise to the threshold of public shaming and job loss. But you can’t argue that their behavior AT ITS BEST made women uncomfortable, and at its worst was sexual predation. Many people blame it on our culture — it’s a man’s world, all of that. I believe Stallman’s remarks can be traced to our industry, software development, in which women have been — to put it very mildly — treated poorly. This gender bias discourages women from entering the field, which means that companies who claim to be worried about the user experience are only creating software for half the users. There’s no women’s perspective, which only women programmers can bring into design and content meetings. The group Girls Who Code, an advocate for women in technology, released the results of a survey that shows:
• 54% of women reported a “noticeable lack of staff diversity”
• 21% of women were asked biased interview questions; 16% encountered biased technical exercises
• 25% of women surveyed had their personal attributes focused on during an interview, instead of their skills
• 25% of women encountered inappropriate verbal remarks, while 7% received inappropriate written remarks
Gender-based discrimination can, and does, happen anywhere. Small startups and big-name tech giants alike are not immune to reports of sexual harassment, bias, or other forms of discrimination. Perhaps the saddest part of this story? That it went away so quickly. People have become numb to sexual harassment. We’re fatigued by all of the reports coming out.
But tech companies must hire more women and then begin enforcing harassment rules. It’s in their own best interest, and for the greater good.