SE Unit 4 - HackMD

<style> html, body, .ui-content { background-color: #212121; color: #ddd; } .markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 { color: #ddd; } .markdown-body h1, .markdown-body h2 { border-bottom-color: #ffffff69; } .markdown-body h1 .octicon-link, .markdown-body h2 .octicon-link, .markdown-body h3 .octicon-link, .markdown-body h4 .octicon-link, .markdown-body h5 .octicon-link, .markdown-body h6 .octicon-link { color: #fff; } .markdown-body img { background-color: transparent; } .ui-toc-dropdown .nav>.active:focus>a, .ui-toc-dropdown .nav>.active:hover>a, .ui-toc-dropdown .nav>.active>a { color: white; border-left: 2px solid white; } .expand-toggle:hover, .expand-toggle:focus, .back-to-top:hover, .back-to-top:focus, .go-to-bottom:hover, .go-to-bottom:focus { color: white; } .ui-toc-dropdown { background-color: #212121; } .ui-toc-label.btn { background-color: #191919; color: white; } .ui-toc-dropdown .nav>li>a:focus, .ui-toc-dropdown .nav>li>a:hover { color: white; border-left: 1px solid white; } .markdown-body blockquote { color: #bcbcbc; } .markdown-body table tr { background-color: #5f5f5f; } .markdown-body table tr:nth-child(2n) { background-color: #4f4f4f; } .markdown-body code, .markdown-body tt { color: #eee; background-color: rgba(230, 230, 230, 0.36); } a, .open-files-container li.selected a { color: #5EB7E0; } </style> # Software Testing and Maintenance ## Introduction to Testing - Testing is a set of planned and systematic activities. - Ensures software performs as expected and exposes deviations. - Involves measuring attributes to build confidence. - Testing strategy includes tactics for both low-level and high-level tests. ### Objectives of Testing **Demonstration:** - System used with acceptable risk. - Functions under special conditions. - Product ready for integration/use. **Detection:** - Discover defects, errors, and deficiencies. - Determine capabilities and limitations. - Evaluate the quality of components. **Prevention:** - Provide information to prevent/reduce errors. - Reduce error propagation. - Clarify system specifications and performance. - Identify ways to avoid risks and problems. ## Verification - **Question:** Are we building the product right? - Process of checking software achieves goals, ensuring deliverables meet requirements. - Static Testing - Does not include code execution. - Checks documents, design, code (reviews, walkthroughs, inspections). - Finds bugs early in development. - Occurs before validation. ## Validation - **Question:** Are we building the right product? - Focuses on product-related activities to meet customer/client expectations. - Dynamic Testing - Includes code execution. - Validates capabilities and features in project scope and requirements. - Typically done by the testing team. - Methods: Black Box testing, White Box testing, and non-functional Testing. ## Terminologies - **Defect:** - Deviation from requirements. - Fault/imperfection due to design/code mistake. - **Bug:** - Coding error that prevents intended working. - Programmer's mistake. - **Failure:** - Resulting state due to defect. - Occurs during development lifecycle or later. - **Issue:** - Raised by end-users when the product doesn't meet expectations. ## Characterising Testing ![image](https://hackmd.io/_uploads/rkKtcK7rp.png) ![image](https://hackmd.io/_uploads/S1K0at7ra.png) ## Black/White Box Testing*** - **Quote:** - "The human eye has an almost infinite capacity for not seeing what it does not want to see... Programmers, if left to their own ways, will ignore/overlook the most glaring errors in their output—errors that anyone else can see in an instant." - *The Psychology of Computer Programming, Gerald Weinberg* **Blackbox**: Unit,Integration **Whitebox**: UAT ![image](https://hackmd.io/_uploads/H1MC6f1L6.png) ## Static Testing*** - Checks for defects in the software without executing the code. - Performed in early stages to avoid errors. - Easier to find the source and solution when discovered earlier. - peer review,walkthrough,informal(review) - data flow and cotrol flow(static analysis) ### Cyclomatic Complexity - Quantitative measure of the number of linearly independent paths in a code section. - Computed using the control flow graph. - Indicates program complexity. - Formula: M = E – N + 2P (E = Edges, N = Nodes, P = Connected components). ![image](https://hackmd.io/_uploads/BkglecXSa.png) ![image](https://hackmd.io/_uploads/HJKVb5mBp.png) ## Dynamic Testing*** - Involves executing code for analyzing dynamic behavior. - **Advantages:** - Finds difficult and complex defects. - **Disadvantages:** - Subject to time and budget constraints. ### Kinds of Dynamic Testing - Based on Code or Fault Approach. - Based on How testing is done. - Based on Levels of testing. ### Code Based Approach ### 1. Control Flow Based Criteria - Uses control flow path, a graphical representation of paths during execution. - **Branch Coverage:** - Executes every path at least once. - No branch leads to abnormal behavior. ### 2. Data Flow Based Criteria - Selects paths through program control flow to explore events related to variable or data object status. - **Statement Coverage:** - Executes all statements at least once. - No side effects? ### Based on Approach Used ![image](https://hackmd.io/_uploads/ByB2GqXS6.png) ## Boundary Analysis – Examples - **Example 1:** ![image](https://hackmd.io/_uploads/HJhd797S6.png) - **Example 2:** ![image](https://hackmd.io/_uploads/rkfMNc7rp.png) ### 3. Based on Mode of Testing ### Manual Testing - Used in complex testing where automation is expensive. - Slow, tedious, hard to achieve complete coverage. - Examples: Acceptance testing, Black Box testing, White Box testing, Unit tests. ### Automated Testing - Involves tests executed without human assistance. - Requires coding and test framework maintenance. - Fast, repeatable, efficient for periodic and regular tests. ## Levels of Testing ### Unit Testing - **Focus:** - Test for coding/construction errors prior to quality engineering. - Tests the smallest individually executable code units. - **Done by:** - Programmers. - **Test cases for:** - Algorithms and logic. - Data Structures. - Interfaces. - Independent paths. - Boundary conditions. - Error Handling. - In an OO environment, tests are at the class level using constructors and destructors. ### Integration Testing - **Focus:** - Test to verify the interface between components against a software design. - Performed by programmers to isolate timing and resource contention problems. - **Approach:** - Abstract away unit issues and look for defects between units. - **Strategies:** - **Big Bang Approach:** - Integrate everything and run to see if the system functions as expected. - **Iterative Approach:** - Software components are integrated iteratively until the software works. - Top-down or Bottoms-up. ### System Testing - **Focus:** - Tests a completely integrated system to verify compliance with Software Requirement Specifications. - Detects defects within "inter-assemblages" and within the system as a whole. - **Approach:** - Black box testing that involves testing the end-to-end flow of an application. - **Process:** - Test Environment Setup. - Create Test Case. - Create Test Data. - Execute Test Case. - Defect Reporting and Logging. ### Acceptance Testing - Involves running a suite of tests on the completed system. - Each test case exercises a particular operating condition of the user's environment or feature. - Test environment is designed to be as identical as possible. - Tests are created through collaboration between customers, business analysts, testers, and developers. - Verifies the completeness of a user story during a sprint. - Provides confidence that the delivered system meets the business requirements of sponsors and users. - Final quality gateway. ## Alternate Testing Categorization ![image](https://hackmd.io/_uploads/HyfZL9QHa.png) ## Varieties of System Testing ### Smoke and Sanity Testing *** - **Smoke Testing:** - Ensures that the most important functions work. - Decides whether the build is fit for further testing. - **Sanity Testing:** - Ensures specific functionalities work as intended. ### Regression Testing - Determines whether any changes have caused unintended side effects. ### Installation & Uninstallation Testing - Verifies if the software has been installed with all necessary components and the application works as expected. - Verifies if all components of the application have been removed during the uninstallation process. ### Functional & Non-Functional Testing - **Functional Testing:** - Tests features and functionality covering all scenarios, including failure and boundary cases. - **Non-Functional Testing:** - Verifies attributes of the system such as performance or robustness. ### Destructive Testing - Application is made to fail in an uncontrolled manner to test the robustness of the application and find points of failure. ### Software Performance Testing - Tests responsiveness, scalability, stability, and reliability of the software product. ### Usability & Localization Testing - **Usability:** - Evaluates the ease of use of the system from the user's perspective. - Considers the level of skill required to learn/use the software and the time to acquire the skill. - **Localization:** - Verifies the quality of product localization for a particular target culture. ### Boundary Testing - Black Box testing using boundary values. ### Startup/Shutdown Testing - Shutdown testing ensures the system has not left uncleared lock files, states of tables, or inconsistent data. - Startup ensures the product starts in a deterministic and consistent state. ### Platform or Cross-Platform Tests - Cross-platform tests evaluate the behavior of the application in different environments. ### Load & Stress Tests - **Load Tests:** - Determine behavior or robustness of the system under varying loads. - **Stress Tests:** - System is pushed to maximum design load and beyond to test the limits of the system. ### Security Testing - Testing to uncover vulnerabilities and ensure data and resources are protected. ### Compliance Testing - Checks compliance with internal and external standards. ### Recovery Tests - Testing to check restart capabilities following a disaster or unanticipated shutdown. ### Scalability Tests - Determine the capability to scale up or scale down. ### Cloud Testing - Software application is tested using cloud computing services. ## Test Planning ### Test Planning Generics - Software test planning is the process of evolving a test plan that discusses what, when, how much, and how to ensure quality expectations can be met. - The outcome serves as a blueprint for conducting software testing activities as a defined process. - Used for monitoring, control, and understanding by developers, business managers, and customers. ### Test Planning Process - Overview 1. Ensure context and scope of the project are understood. 2. Establish test adequacy criteria. 3. Evolve a test strategy. 4. Evolve a list of deliverables. 5. Create a detailed test schedule. 6. Plan, identify, and allocate resources. 7. Identify milestones. 8. Risk management. 9. Establish measures and metrics. ### 1. Testing Scope - Understand the product's deployment environment. - Review use case scenarios. - Collaborate with designers and developers. - Review project documentation. - Optimal testing based on customer requirements, project schedule, budget, product specifications, and test team skills. ### 2. Test Adequacy - Testing a subset of possible combinations does not guarantee issue absence. - Test adequacy criteria determine when to consider testing complete for an iteration. - Examples include executing planned tests, resolving critical high-priority issues, and having fewer than a certain number of severe defects. ### 3. Testing Strategy*** - Known as the test approach, defines how testing is carried out. - Considers testing mindsets, test models, test types, test environment, automation strategy, tools, and risk analysis with contingency planning. #### <u>**Models/Mindsets**</u> *** - **Demonstration:** - Ensures software runs and solves the problem. - Establishes satisfaction of specs. - **Preventive:** - Prevents faults in early phases through careful planning and design. - Involves reviews and Test-Driven Development. - **Destruction:** - Tries to make the software fail to find faults. - Effective test cases find faults. - **Evaluation:** - Detects faults through lifecycle phases. - Focuses on analysis and review techniques to detect faults. #### <u>Testing Types Chosen</u> - Each lifecycle phase has outcomes that can be tested. - Strategies include "testing-in-the-small" to "testing-in-the-large," top-down and bottom-up approaches, positive and negative testing, and dynamic and heuristics-based approaches. #### <u>Test Execution Environment</u> - Testing Environment/Test Execution Environment/Test Bed: Setup of software and hardware for testing. - Configured based on the application's needs. - Includes test data, databases, front end, operating systems, servers, storage, and network. - Correct setup ensures testing success; incorrect setup results in delays and cost escalations. #### <u>Automation</u> - Involves defining goals, planning the test approach, selecting an automation framework and test tool, designing and executing test cases, generating and analyzing test results, and maintaining scripts. #### <u>Tools which will be Used</u> - The chosen tool must be compatible with the application under test. - Testers need to be comfortable with the tool for effective use. - Considerations include features, report generation, ease of use, cross-platform support, industry acceptance, cost, and open source vs. proprietary characteristics. #### <u>Risk Analysis with Contingency Planning</u> - Risk: Probability of an unwanted incident during or toward testing. - Risks could include changes to business, technology, or competition directions; resource issues; quality concerns; inability to use test models; issues with chosen testing types; problems with the test environment, automation, or tools. - Mitigation and contingency planning are essential for addressing identified risks. --- ### 4. Evolving a List of Deliverables - Identifies activities and deliverables, such as test specifications for modules, and planned test cases for different conditions. ### 5. Creating Detailed Test Schedule - Includes estimates for building the test strategy, specifications, cases, environment setup, execution, reporting, etc. - Involves a Work Breakdown Schedule and estimation using project planning methods. - Calendarizes Work Breakdown estimates. ### 6. Planning, Identification and Allocation of Resources - Performed iteratively with estimation. - Ensures the schedule factors in characteristics of planned resources. - Involves identifying servers, storage, test tools, network resources, and personnel (Test Manager, Testers, Test Developers, Test Administrators, SQA). - Identifies the test environment. - Schedule is reworked after resource and skill identification. ### 7. Identification of Milestones & Risks - Identifies project milestones considering deliverables, schedule, and commitments to track progress and control overruns. - Used to identify risk triggers for task completion from schedule and quality perspectives. - Mitigation plans and triggers for kick-off are identified. ### 8. Identify Measures and Metrics - Identifies measurements like the number of planned and created test cases, time spent on creation and execution, and the number of errors found. - Classifies errors into critical, serious, medium, or low impact. - Defines metrics like the number of test cases executed per day, % of test cases executed, number of issues per KLoC, and number of critical issues per KLoC. ### Typical Test Plan #### 1. Introduction - Scope - In Scope - Out of Scope - Quality Objective #### 2. Test Methodology - Overview - Test Levels - Bug Triage - Suspension Criteria and Resumption Requirements - Test Completeness #### 3. Test Deliverables #### 4. Resource & Environment Needs - Testing Tools - Test Environment ## Testing Process/Lifecycle ### Structure of Testing Organisation ![image](https://hackmd.io/_uploads/ry-rImJIa.png) Software Testing is a part of Quality Engineering. QE groups are typically organized with various roles, including but not limited to: - **Test Director:** Provides oversight, coordination, strategic vision, and customer/stakeholder connection. - **Test Infrastructure Manager:** Manages infrastructure, capacity planning, maintenance, support, and configurations. - **Test Architect:** Designs test infrastructure, selects appropriate tools, and validates the test strategy. - **Test Manager:** Prepares test strategy, plans for the project, and monitors/testing control. - **Test Automation Manager:** Manages the development of tools and scripts for automation. - **Test Analyst:** Maps customer environment and test conditions to testing conditions and documentation. - **Software Test Engineer:** Tests the product using appropriate testing techniques and tools. ### Test Process 1. **Planning and Control** - Identifying requirements. - Analyzing test requirements, product architecture, and interfaces. - Creating Test Sufficiency criteria. - Creating Test Strategy, planning resources, and building a schedule. - Setting up review points, status reporting mechanisms, and approval boards. 2. **Design** - Identifying test conditions, designing tests, and defining the test environment. 3. **Implementation and Execution** - Developing test cases, test data, and test automation. - Executing tests, collecting metrics, logging results, and comparing with expected values. - Tracking defects and bug fixing. 4. **Evaluate Exit Criteria and Reporting** - Evaluating test completion/stopping criteria based on application functionality. - Examples: Test Cases, Pass Percentage, Bug Rate, Deadlines, Requirements Traceability Matrix (RTM). 5. **Test Closure Activities** - When testing is complete or the project is canceled. - Verifying all planned deliverables. - Archiving test scripts, environment, and closing with reports. - Performing a retrospective. ### Software Test Execution - Process of executing code and comparing actual observations with predicted expected values. - Steps: - Selecting a subset of test cases for execution. - Assigning test cases to testers. - Setting up the environment, configuring it, and setting up test data. - Noting execution steps and examining expected output. - Executing tests, logging results, capturing status, and logging bugs. - Resolving roadblocks if they occur. - Reporting results, conducting measurements, and analyzing metrics and test results. ## Test Cases ### What are test Cases Test cases are a crucial aspect of test documentation, serving as a guide for testers on what to test, how to check it, and the expected results. They determine if software meets requirements and functions correctly. Well-written test cases enable others to step into the tester role, ensuring comprehensive test coverage. ![image](https://hackmd.io/_uploads/SksDA9mBa.png) ### Value Proposition of Writing Test Cases - Identify and isolate areas to be tested through test scenarios. - Break down scenarios into detailed subsections, creating a framework for comprehensive testing. - Benefit future teammates by providing insights into system and feature functionality. - Ensure good test coverage and allow testers to validate features in different ways. - Document negative test cases for completeness. - Reusable for future testing efforts. ### Test Case Types Different types of test cases contribute to quality assurance: - **Positive:** Verify that the software is performing as intended. - **Negative:** Verify that the software is not performing unintended actions. - **Destructive:** Explore scenarios the software can handle before breaking. ### Test Case Writing - Best Practices - Keep the title short. - Include a strong, clear, and concise description. - Clearly state the expected result. - Aim to make test cases reusable. ### Test Suites A test suite is a container holding a set of tests to assist testers in executing and reporting test execution status. It can be in the states of Active, In-Progress, or Completed. Test cases can be added to multiple test suites and plans, created based on the cycle or scope, and may include functional or non-functional tests. ## Testing Execution and Metrics *** ### Software Test Related Measurements and Metrics Software Test Metric is a quantitative measure of the testing process, indicating progress, quality, productivity, and the degree to which a system possesses a given attribute. The goal is to improve efficiency and effectiveness, aiding better decisions for future testing processes with reliable data. **Software Test Related Metric Characteristics:** - **Quantitative:** Expressed in values. - **Understandable:** Method of metric computation should be easily understood and clearly defined. - **Applicability:** Should be applicable in the initial phase of development. - **Repeatable:** Same when measured repeatedly and consistent. - **Economical:** Computation should be economical. - **Language Independent:** Should not depend on programming language. **Software Test Measurements:** - Test-Related Measures - Evaluation of Program under Test - Evaluation of Tests Performed - Program Measurements - Defect Types, Classification & Statistics ### Software Test Related Measures – Product Related **Metrics Description:** - **SLOC (Size in Lines of Code):** Size in lines of code [kLOC, MLOC]. - **Fault Density:** Ratio of the number of faults found to the size of the programs. - **MTBF (Mean Time Between Failure):** Indicates the probability of failure based on statistical analysis. - **Failure Rate:** Inverse of MTBF. - **Defect Distribution:** Percentage of defects attributed to a specified phase in SDLC. - **Defect Density of Modules:** Ratio of the number of faults found in a module to the total faults found in the product. - **Defect Leakage:** Test Efficiency = [(Total number of defects found in UAT) / (Total number of defects found before UAT)] x 100. ### Software Test Coverage Metrics – Product Related ![image](https://hackmd.io/_uploads/BkWJgsmHa.png) > Mutation testing, also known as code mutation testing, is a form of white box testing in which testers change specific components of an application's source code to ensure a software test suite can detect the changes. Changes introduced to the software are intended to cause errors in the program. Mutation testing is designed to **ensure the quality of a software testing tool**, not the applications it analyzes. **Software Reliability:** Probability of failure-free software operation for a specified period in a specified environment. ![image](https://hackmd.io/_uploads/SkHXeimBT.png) ### Test Driven Development [TDD] **Prevention Model Steps Associated:** 1. Add a test. 2. Run this and earlier tests, see if the system fails. 3. Make a small change to make the test work. 4. Continue incrementally until all planned tests run properly. 5. Refactor the system to improve design and reduce redundancies. ### Key Issues in Software Testing **Test Selection Objectives:** - Objectives for a Test. - Testing for Defect Identification. - Theoretical and Practical Limitations. - Infeasible Paths. - Testability. **Key Issues in Software Testing – Test Case Selection:** Testers need to choose the most important tests to run. Common ways to prioritize tests include testing highest priority requirements first, complex code first, based on McCabe’s cyclomatic complexity, testing largest modules first, and testing the most often modified modules first. --- ## Testing Tools ### Selenium Selenium is an automation suite with offerings including Selenium IDE, Selenium RC, Selenium WebDriver, and Selenium Grid. #### Advantages of Selenium - Open Source - Highly Extensible - Cross-browser testing - Supports various operating systems - Mobile devices support - Parallel test execution #### Disadvantages of Selenium - Limited to web applications - No built-in object repository - Slower automation rate - Can't do Complex data-driven testing - Limited access to elements outside the web application - Lack of official user support ### JUnit JUnit is a simple framework for writing repeatable tests in Java. It eliminates the need for manual result verification and supports faster product development. #### Advantages of JUnit - Alternate front ends for displaying results - Separate class loaders for each unit test - Methods like setUp and tearDown for resource initialization - Set of assert methods to check test results - Integration with tools like Ant, Maven, Eclipse, and Jbuilder #### Disadvantages of JUnit - Cannot perform dependency testing - Not suitable for high-level testing - Challenges with large test suites - Limited ability to test various JVMs simultaneously ### Apache JMeter Apache JMeter is open-source software designed for load testing functional behavior and measuring performance. #### Advantages of JMeter - Open Source - Platform-independent - Multi-threading framework - User-friendly UI - Extensible and supports multiple protocols - Visualizes test results - Easy installation #### Disadvantages of JMeter - Requires understanding of JMeter elements, regular expressions, session handling, etc., for scripting - Lacks network visualization - Single machine may not be sufficient for load tests - Does not support Ajax, JavaScript, and Flash comprehensively - Limited real-time test monitoring capability ### Quality Standards - **ISQ (Indian Society for Quality):** A not-for-profit society established in 1996, providing a national forum for quality professionals. - **ASQ (American Society for Quality):** Committed to providing expertise, professional networks, and solutions to advance products, services, and industries globally. - **BQF (British Quality Foundation):** An independent, not-for-profit corporate membership organization offering performance improvement products and services. --- ## Software Maintenance ### Introduction *** Software delivered to customers undergoes numerous modifications and enhancements due to various factors: - Fixing defects reported from the field - Correcting requirement and design errors - Implementing enhancements - Improving performance - Adapting to environmental changes (hardware, software, network, standards, etc.) - Retiring outdated systems - Interfacing with other software ### Maintenance Definition - **Maintenance:** The sustaining process of modifying a software system or component after delivery to correct faults, improve performance, or adapt to a changed environment. - **Totality of Activities:** All activities required to provide cost-effective support to software. - **Why:** To ensure the software product continues to satisfy customer needs and support the system customers have invested in. - **Who:** The maintainer can be an organization or person responsible for carrying out maintenance activities. ### Maintenance Activities *** - Maintaining control over the software's day-to-day functioning - Maintaining control over software modifications - Perfecting existing functions - Preventing software performance from degrading to unacceptable levels ### Maintenance Actions *** - Understanding the product through studying architecture, design, code, test cases, and documentation - Discussions with architects and developers - Adequate and precise documentation, testable code, code management, instrumentation, and debug code - Analyzing current and future change requests to identify how to satisfy tasks ### Maintenance Costs - Maintenance consumes a major share (typically 70%) of software lifecycle financial resources. - Factors affecting maintenance costs include application type, software novelty, staff availability, software lifespan, hardware characteristics, and quality of software artifacts. ### Key Issues in Software Maintenance **Technical Issues:** - Code and documentation quality - Limited understanding - Availability of a test environment to reproduce problems - Impact analysis **Management Issues:** - Staffing and retaining people with the right skill levels - Alignment with economic objectives - Outsourcing challenges - Protection of intellectual property - Control over development process and quality control - Learning curve for the product - Scope of maintenance ### Software Maintenance Lifecycle (SMLC)*** ![image](https://hackmd.io/_uploads/ByyZUiQSa.png) ### Tips for Maintenance ![image](https://hackmd.io/_uploads/rJ6bLoXS6.png) --- ## Techniques, Approaches, and Process for Software Maintenance ### Categories of Maintenance *** ![image](https://hackmd.io/_uploads/H17nDs7Bp.png) ### Maintenance Process Activities 1. **Implementation of Processes** - Develop, document, and execute maintenance process plans, including the usage of tools as part of the process. - Procedures for handling user reports and modification requests, tracking problems, and responding to users. 2. **Follow the Software Maintenance Life Cycle** 3. **Migration** - Develop a migration plan for the fixed/new component and execute the plan. - Activities could include notifying and replacing the product, applying the path with restart/no-restart, and supporting older data. 4. **Software Retirement** - Develop a retirement plan for the system, including timeline, communicate and execute that plan. - Retire older versions and run new ones in parallel, dispose of superseded hardware and software. ### Techniques or Approaches for Maintenance – Reverse Engineering *** - **Reverse Engineering:** - A passive technique to understand a piece of software prior to re-engineering. - The process of recovering specifications and design information from the system's source code. - Identifies components of a software product and their interrelationships. - Creates a representation of the software in a different format without modifying the product. ### Techniques or Approaches for Maintenance – Re-Engineering *** - **Re-Engineering:** - The process of modifying software to make it easier to understand, change, and extend. - Improves the maintainability of the system at a reasonable cost. - Considered when standard maintenance techniques are no longer viable for efficient and productive support. - Involves steps like identifying the current process, documenting planned reconstruction, reverse engineering, refactoring, and reconstructing code and data. ### Techniques or Approaches for Maintenance – Refactoring *** - **Refactoring:** - The process of changing a software system without altering its external behavior but improving its internal structure. - Often used to enhance the quality of a software product, making it easier to understand and maintain. - Done after the design/code of a component has been completed. ### Types of Refactoring 1. **Architecture Refactoring:** - The most time-consuming form, involving completely redesigning, recoding, and testing the code. 2. **Data Refactoring:** - Involves standardizing data definitions and making physical modifications like database migration. 3. **Code Refactoring:** - Resolves immediate problems associated with debugging. - Real benefits are achieved when data and architecture are refactored as well. --- # Software Engineering in a Global Environment, Hacking & Ethics ## Global Environment Traditional Team - Social group of individuals co-located - Tasks are independent - Activities to achieve common goals Global Software Development team - Group of knowledge workers located globally - Uses virtual teams - Same goals and objectives - Differentiated by distance - Linked by communication technologies Characteristics of Global Software Development - Geographic distance - Linguistic distance - Cultural distance - Temporal distance ## Types of Development - Co-located Development - Housed within walking distance - Multisite Development - Members are distributed across sites - Global Development - Distribution of members exceeds frontiers of a country ## Rationale and Challenges for Global Software Development*** - Cost savings by cost arbitrage(cheap labour) - Advantage of time difference for faster delivery - Larger global pool of developers - Locating developers closer to markets and customers - Advantage of diversity in stakeholders' knowledge - Challenges include geographical, cultural, communication, and control issues ## Hacking - Historically used constructively for cleverness - Currently associated with criminal activities - Social Engineering involves tricking users into providing information - Distinction between White Hat Hackers (improve security) and Black Hat Hackers (exploit systems) ## Hacking v/s Software Engineering ### Hacker - Solves problems with non-standard approaches - Attracted by challenges and novelty - Weakly motivated by conventional rewards ### Software Engineer - Takes a problem and fits it within criteria - Creative and original thinking within constraints ## Ethics - Introduction - Computer scientists and software engineers face difficult ethical decisions - Personal ethics vs. professional ethics - Examples: Reuse of source code, enforcing password strength, knowledge of flaws or bugs ## Ethics*** - Personal Ethics: Guides individual behavior across all areas of life. - Business Ethics: Focuses on ethical business practices and societal expectations. - Professional Ethics: Governs the conduct of professionals within their specific fields. ## Ethical Frameworks - Reason for making a choice matters - Utilitarian Framework: Cost analysis based on risks, costs, and probabilities - Framework of Individual Rights: Focuses on respecting individual rights ## Ethical Frameworks and Principles - Golden Rule: Treat others as you want to be treated - Principles: Beneficence, Least Harm, Respect for Autonomy, Justice Ethical ## Ethics*** ![image](https://hackmd.io/_uploads/rJSmco7Sa.png) - Public: Act consistently with public interest - Client and Employer: Act in the best interests of the client or employer - Product: Ensure products meet the highest professional standards - Judgment: Maintain integrity and independence in professional judgment - Management: Promote an ethical approach to management - Profession: Advance the integrity and reputation of the profession - Colleagues: Be fair and supportive of colleagues - Self: Commit to lifelong learning and promote an ethical approach ## Intellectual Property [IP] - Intellectual Property: Tangible creations of human intellect (patents, copyrights, trademarks, trade secrets) - Importance to engineers and companies for protection of investment ## Licensing - Licenses provide rules and guidelines for others to use your work - Open source licenses (GNU, BSD, MIT) allow contributions without seeking permission --- ## Software Development to Software Services, IT System Management and IT Operations, ITSM Processes ### Applications in the IT infrastructure use ITSM processes - Applications developed using SDLC and/or being deployed in an organization typically will form part of or will influence the business processes of the organization - Applications are deployed by IT operations/Infrastructure management teams using ITSM processes - Production acceptance process for deployment - IT Infrastructure: consists of equipment, systems, software and services - Used in common across an organization - Required to develop, test, deliver, monitor, control or support IT services ### IT Systems Management and IT Operations - IT Systems Management: how processes and service are administered to ensure that IT infrastructure provides a stable and responsive IT environment - Management of processes associated with IT infrastructure to deliver the right set of services at right quality at competitive costs - IT Operations: support activities that the IT department needs to support within a large organization - These applications impact the business and are offering IT services are deployed by IT operations or infrastructure management teams - Product acceptance process - Consistent and successful deployment of application systems - Support increasing deployment frequency - Product acceptance process would ensure capacity is planned, a robust streamlined deployment process ### IT Operations Activities can include - Routine and day-to-day operational tasks and maintenance, performing data back-ups, restoring system after service outage/update and would also look at organizations disaster recovery plans - Configuring and tuning servers and other configurable infrastructure components to optimize their performance - Allocating IT resources where they are needed to promote effective service delivery - Monitoring and measuring performance of IT infrastructure - Including IT organization’s security posture - Developing operational metrics to evaluate performance of key processes and services, manage software license compliance and conduct infrastructure audits to verify that security and performance targets are met ### IT Infrastructure Systems Management - IT Infrastructure consists of a number of physical devices - Servers, Networks, Disk Storage, Desktop Computer - Software products such as Databases - IT Infrastructure Systems Management is about how an IT organization manages IT services and provides a stable and responsive IT environment - Supports and furthers business of the organization ### IT Infrastructure Systems Management – Objectives - Provide Stable(Available) and responsive IT infrastructure - Stability: Systems are always up and accessible as scheduled, 24x7 - Measure: % of Uptime, % of Downtime, MTBF, MTTR - Responsiveness: How quickly the jobs are processed and completed - Measure: Throughput, Average Turn Around Time - Predictable Support and Service costs - Service costs that scale with Business - Reduction of cost of IT Management - Increased flexibility and responsiveness to business needs - Improved productivity and customer satisfaction - Improved security, reliability, and availability of IT infrastructure - Ability to integrate existing technologies and add new technologies ### 12 Key Processes in IT Systems Management - Availability Management - Problem Management - Capacity Planning - Performance - Storage Management - Security - Production Acceptance - Network Management - Business Continuity - Change Management - Configuration Management - Facilities Management ### ITSM Processes - IT Services refer to the application of business and technical expertise, and offering services which enable organizations in creation, management, optimization, or to provide access to information and business processes - Organization's IT infrastructure will support the firm’s business and information systems strategy ![image](https://hackmd.io/_uploads/HJN8hsQSp.png) ![image](https://hackmd.io/_uploads/BkAI2sQr6.png) ![image](https://hackmd.io/_uploads/H15D3s7S6.png) --- ## ITIL and IT Service Lifecycles ### List of Contents - ITSM Frameworks - ITIL – IT Infrastructure Library - Origins of ITIL - Quality Approach and Standards - ITIL – 3: IT Service Lifecycle - ITIL V4 - Holistic Service Management - Common Myths concerning implementation of ITIL ### ITSM Frameworks - Number of ITSM frameworks which businesses can use. Some frameworks are targeted to specific industries - Popular Frameworks - ITIL (V4): framework of best practices for delivering IT services - Business Process Framework: designed for telecommunications service providers - COBIT (Control Objectives for Information and Related Technologies): IT governance framework - FitSM: simplified, streamlined service management framework aligned with ISO/IEC 20000 - ISO/IEC 20000: considered the international standard for IT service management and delivery ### ITIL – IT Infrastructure Library - ITIL is a framework or set of IT Service management best practice processes that align IT services with business needs - Approaches that have worked on some scenarios, for selection, planning, delivery, maintenance and overall lifecycle of IT services - It helps businesses manage risk, strengthen customer relations, establish cost-effective practices and build a stable IT environment that allows for growth, scale, and change - ITIL describes best practices that are not organization/technology specific - Can be applied by the organization for establishing integration with organization strategy, delivering value, and maintaining a minimum level of competency - Organization to establish a baseline from which it can plan, implement and measure - Demonstrate compliance and measure improvement - Refined over the years and provides guidance for service management becoming the de facto standard framework of best practices ### Origins of ITIL - ITIL started as a process improvement initiative to improve the quality of products and services - In 1986, British Government’s Centralized Telecommunications and Computing Agency formally sponsored a program to promote improved management of IT services - Team of 40 IT experts established a framework of best practices - ITIL version 1 - Due to the growth of books regarding ITIL, in 2000, a more condensed ITIL version 2 came in - Released 7 books where Service Support and Service Delivery were prominent - In 2007, ITIL V3 consisting of 26 processes and functions, grouped into 5 volumes around the concept of service lifecycle - In 2019, ITIL V4 came in which focuses on business and technology while working with Agile, DevOps, and Digital Transformation ### Quality Approach and Standards - ITIL constitutes practical approaches for quality management of IT services and infrastructure processes with a focus on automating processes, improving service management and integrating the IT department into business. Some of these are the following: - Best Practice Guidance - Methodology of what works in actual practice derived from practitioners around the world - Non-Proprietary - Not a single vendor view and do not have to pay to apply in your organization - Comprehensive - Captures all of the essential service support and services delivery processes and integrates them to work together ### ITIL – 3: IT Service Lifecycle - Strategy that supports the service organization in examining the service opportunities proactively 1. **Service Strategy:** - Understands organizational objectives and customer needs and provides strategic guidance for investments in services - Includes service value definition, business case development, service assets, market analysis and service provider types 2. **Service Design:** - Turns strategy into a plan for delivering business objectives and technology 3. **Service Transition:** - Develops and improves capabilities for introducing new services into supported environments - Relates to the delivery of services required by business into live/operational use 4. **Service Operation:** - Manages services in supported environments. Provide best practice for achieving delivery of agreed levels of service 5. **Continual Service Improvement:** - Incremental and large-scale improvements to services ### ITIL V4 - Holistic Service Management - ITIL V4 facilitates value to customers and stakeholders by looking at service management in 4 dimensions - **Organizations and People:** - Organization needs a culture that supports objectives and the right level of capacity and competency among the workforce - **Information and Technology:** - Includes the information, knowledge, and technologies required for the management of services - **Partners and Suppliers:** - Organization's relationships with other businesses in design, deployment, delivery, support, and continual improvement - **Value Streams and Processes:** - Various parts of the organization work in an integrated and coordinated way is important to enable value creation - Expands from processes to practices by factoring in culture, technology, information, and data management - 34 management practices; various types of guidance, such as key terms and concepts, success factors, key activities, information objects, etc. ### ITIL V4 – Holistic Service Management - ITIL defines Service Value System, built around Service value chain - Flexible operation model for the creation, delivery, and continual improvement of services - Service value chain defines 6 key activities - Plan - Design and Transition - Improve - Obtain/Build - Engage - Deliver and support - Can be combined in many different sequences ### Guiding Principles of ITIL V4 1. **Focus on value** 2. **Start where you are** 3. **Progress iteratively with feedback** 4. **Collaborate and promote visibility** 5. **Think and Work holistically** 6. **Keep it simple and practical** 7. **Optimize and automate** ### Common Myths concerning Implementation of ITIL 1. You must implement all ITIL or no ITIL at all 2. ITIL is based on infrastructure management principles 3. ITIL applies mostly to data center operations 4. Everyone needs to be trained on ITIL fundamentals 5. Full understanding of ITIL requires the purchase of the library 6. ITIL processes should be implemented at one time 7. ITIL provides detailed templates for implementation 8. ITIL framework applies only to large shops 9. ITIL recommends tools to use for implementation 10. There is little need to understand ITIL origins --- ## TL:DR ### Software Development to ITSM Processes: - Applications developed using SDLC influence business processes. - IT Operations deploy applications using ITSM processes. - Production acceptance process is crucial for deployment. - IT Infrastructure includes equipment, systems, software, and services. - Used across an organization for development, testing, delivery, monitoring, and support of IT services. ### IT Systems Management and Operations: - IT Systems Management administers processes for a stable IT environment. - IT Operations support activities within a large organization. - Applications deployed by IT Operations impact business and offer IT services. - IT Operations activities include routine tasks, maintenance, monitoring, and resource allocation. ### IT Infrastructure Systems Management: - IT Infrastructure consists of physical devices and software. - Objectives include providing a stable, responsive, and cost-effective IT environment. - Key processes in IT Systems Management include Availability, Problem, Capacity Planning, and more. ### ITSM Frameworks and ITIL: - ITSM frameworks include ITIL, COBIT, and ISO/IEC 20000. - ITIL is a best-practice framework aligning IT services with business needs. - ITIL originated in 1986, evolved through versions, and focuses on service lifecycle. - ITIL V4 emphasizes holistic service management, with guiding principles and a service value chain. ### ITIL V4 - Holistic Service Management: - ITIL V4 considers service management in four dimensions. - It defines a Service Value System with a flexible service value chain. - The service value chain includes Plan, Design and Transition, Improve, Obtain/Build, Engage, and Deliver and Support. ### Guiding Principles of ITIL V4: - Focus on value, start where you are, progress iteratively with feedback, collaborate, think and work holistically, keep it simple and practical, optimize and automate. ### Common Myths about ITIL Implementation: - Implementation doesn't require all of ITIL or none at all. - ITIL is not solely based on infrastructure management. - ITIL applies beyond data center operations. - Not everyone needs full ITIL training. - Full understanding of ITIL doesn't require purchasing the library. - ITIL processes can be implemented gradually. - ITIL doesn't provide detailed implementation templates. - ITIL is applicable to organizations of all sizes. - ITIL doesn't mandate specific tools for implementation. - Understanding ITIL origins is valuable. --- ## DevOps: An Introduction, DevOps Pipeline ![image](https://hackmd.io/_uploads/ByUq1nQBp.png) ### DevOps - DevOps is the combination of cultural philosophies, practices, and tools that increase an organization’s ability to deliver (Deploy and Support) applications and services at high velocity and become more effective - It is the blending of the terms development and operations - Represents a collaborative or shared approach to the tasks performed by a company’s Application Development teams (following SDLC) and IT operations teams - The term DevOps is also used as an operational philosophy that promotes better communication and knowledge between the above two Dev and Ops teams ### What is DevOps?*** - DevOps looks to make the enterprise processes faster, more efficient, and more reliable with the intention of increasing the business value - Repetitive manual labor (error-prone) is removed whenever possible - DevOps, in a sense, is an extension of the agile way of doing things where you can deliver functionality incrementally and at a faster rate - DevOps follows the Agile manifesto principle of "Individuals and interactions over processes and tools" ### DevOps: Concepts and Terminologies - Recap some of the terminologies you have already learned which are also used in DevOps: - SDLC (Waterfall model, Agile approach) - Operations Methodologies (ITSM, ITIL) - SCM terminologies associated with Development, Release and Deployment concepts - **Version Control:** - Version control systems like Git record changes to files or sets of files stored within the system - Developers can make changes individually or within groups and save these changes through commits or revisions within the system in one way or another - Ability to commit, compare, merge & restore past revisions to objects to the repository allows for richer cooperation and collaboration within and between teams and minimizes the risk ### 1. DevOps Pipeline: Continuous Integration [CI]*** - Continuous Integration (CI) involves continuously merging the code written by developers with a mainline or “master” branch, frequently throughout the day - Developers take a snapshot or branch code from a master branch and work on their individual components and check-in and merge the changes back into the mainline - Merging of the code can happen multiple times through the day or in some periodicity and during merge if they find a merge conflict, it's resolved and then the code is merged - **Benefits of CI:** - Change sets are small and hence, work for resolving conflicts would be small & incremental - Supports detecting of issues early - Avoids difficult integrations, increased visibility and communications - Reduced debugging time ### 2. DevOps Pipeline: Continuous Delivery*** - Continuous Delivery is the frequent shipping of code to a given environment - Integrated bits are ready to be deployed & this supports release of the new changes to your test teams/customers quickly in a sustainable way - Process may be triggered by the last step in the continuous integration process - Drives the Business outcomes like deploy on demand, and supports faster time to market and of higher quality and may use tools like Jenkin Plugins ### 3. DevOps Pipeline: Continuous Testing [CT]*** - Continuous testing is the process of executing predominantly automated tests for validating the code to ensure that the application works as envisaged and is free of bugs or defects and can be continuously deployed - Designed to be executed with minimum wait times and provide the earliest possible feedback & support detection (or prevention) of the risks - Entry criteria for testing by the QE process groups would be successful completion of the unit and integration tests - In the QA environment, these could include some static code analysis and validation of both functional requirements and non-functional requirements ### 4. DevOps Pipeline: Continuous Deployment [CD]*** - Continuous Deployment (CD) is a software release process - Uses the delivery mechanisms for deploying the automated testing validated product, immediately and autonomously to a production environment - Typically used in highly mature DevOps teams - A significant number of times, validated integrated components are batched together and are then deployed into the customer environment > Continuous Delivery focuses on automating the process upto the staging environment, leaving the decision to deploy to production in the hands of humans. Continuous Deployment takes automation a step further, automatically deploying code changes to the production environment without requiring manual approval. --- ## DevOps: Pillars, Tools used in DevOps ### Pillars of DevOps*** - Recall the 4 pillars of DevOps - Collaboration - Affinity - Tools - Scaling - **Pillars of DevOps – Collaboration:** - Collaboration is the process of working towards a specific outcome through supporting interactions and the input and support of multiple people & groups - Effective collaboration involves Communication, Equal participation, Theory of Mind - Teams are effective when based on relationships built on trust, empathy & reciprocity, where hierarchies are less emphasized - **Pillars of DevOps – Affinity:** - There needs to exist a strong relationship between individuals, teams, and departments along with collaborative relationships to ensure the Dev and Ops groups work together - This is achieved by having teams with strong affinity between them, which is the measure of the strength of the relationship between individuals, teams, business units, and even companies - Affinity can be measured by several factors like Shared time, Intensity of the relationships, Reciprocity of shared stories, Reciprocity of support - **Pillars of DevOps – Tools:** - Tools are important in the DevOps environment as they act as an accelerator, driving change based on the current culture and direction - Tools & their ease of use impacts the acceptance and proliferation of specific aspects of the culture as they become the common language between teams - Examples of tools: System provisioning tools, Build Tools, Automation tools, Testing tools, Monitoring tools, Log extraction tools, Deployment tools, etc. - **Pillars of DevOps – Scaling:** - Scaling has a focus on the processes and pivots that organizations must adopt throughout their lifecycles - Scaling takes into account how the other pillars of effective DevOps can be applied throughout organizations as they grow, mature, and even shrink in large organizations ### DevOps vs Agile ![image](https://hackmd.io/_uploads/S1Y8SHJUp.png) ### Tools used in DevOps #### What is Jenkins? ![image](https://hackmd.io/_uploads/ry2Nx3QST.png) ![image](https://hackmd.io/_uploads/BkRreh7Sp.png) - Jenkins is an open-source automation tool written in Java with plugins built for Continuous Integration purpose - Generates test reports, integrates with different Version Control Systems, pushes to various artifact repositories, deploys directly to production or test environments, notifies stakeholders of build status - Its plugins allow integration of various DevOps stages and support UI customization #### Jenkins – Pipeline ![image](https://hackmd.io/_uploads/S1gvenQr6.png) - Each stage in the pipeline is represented by a cell, the column headers represent the name of the job that is being run at that stage in the pipeline - The green cells indicate that the stage/job is successful, red cells indicate that the job has failed #### Jenkins – Continuous Integration ![image](https://hackmd.io/_uploads/ry3Oe3XHa.png) - Involves steps like developers committing changes to the source code in a shared repository, building every commit, and detecting problems early - Other tools depending on Continuous Integration include deploying the built application on the test server and providing concerned teams with the build and test results #### Jenkins – Continuous Integration Illustration ![image](https://hackmd.io/_uploads/Hy_5x3mB6.png) - The code is sourced from a GitHub repository, and the job will be run on that repository, based on some build trigger #### Jenkins – Continuous Testing - Automated continuous testing facilitates higher velocity of deployment - Jenkins can schedule tests to run at a specific time and also displays statistics like the number of tests executed, time taken, failures, error messages, test results, and trends, etc. #### Jenkins – Continuous Testing Illustration ![image](https://hackmd.io/_uploads/BJKne3QBa.png) ![image](https://hackmd.io/_uploads/rkc6g2mHp.png) - A Plugin called TestComplete is being used to run the automated tests as a part of the CI pipeline. ---