Today, more and more organizations are hosting their applications on cloud environments. Organizations are strategically migrating cloud ready applications. Also, most new development projects in Social Media, Analytics, Cloud, Mobility and IOT, are being developed on the cloud.
Depending on the industry and regulatory requirements, the choice of cloud could vary – Public, Private, and Hybrid.
The key drivers include
- Need to consolidate geographically spread data centers to a single cloud environment
- Reduce upfront infrastructure investment
- Ease of availability and ease of disaster recovery
- Ease of scaling up/down
(1) Need for Validating Applications for Cloud Migration
While the benefits of cloud hosting are compelling, there is need for assessing the migration plan and carry out required validation to ensure successful transition. One would ask, what additional or different validation needs to be carried out while migrating application hosting to cloud?
The validation objectives, approach and rigor could vary based on
- Whether the application is native on the cloud or migrated from physical servers
- Number of applications migrated. For large number of applications migrated, the validation plan needs to be aligned to migration plan and tools/accelerators should be used for validation.
- Criticality and complexity of application including any compliance requirements
(2) Key Testing Focus Areas in Cloud Migration of Applications
Migrating applications to cloud requires a formal validation for functional, integration, security, scalability and performance aspects. Cloud hosting adds new dimensions to application validation compared to conventional testing. The table below highlights specific focus areas of Testing of Applications migrated to cloud compared to traditional testing -
(3) Key challenges in validation during Cloud Migration of Applications
Some of the challenges in validation for cloud migration include -
- Lack of testing and Quality of Service standards that address cloud and SaaS security.
- Different aspects for application security testing include testing of
o Data Security
o Application transaction security
o Business Process security
o User privacy
- Public clouds are shared across multiple users and it could pose bandwidth issues in access or cause outages
- Lack of control on underlying environment (Network, Database, servers).
- In case of interactions between network, database and servers, there is increased challenge as the tester would need to assess risk of crash, network breakdown, and defunct server.
- Certain server, storage or network configurations may not be supported on cloud. It makes it difficult to emulate cloud environments.
(4) Application Migration Validation – A holistic Approach
It is important to verify that all aspects of the migrated application are performing as expected for the application to be certified as “Cloud Ready”. Following checklist with validation for key objectives can be handy to assess production readiness of migrated applications –
i. Application Availability for Use
Validate whether the authorized users can access the application and its services
ii. Response-time as per SLAs
Validate whether the application and service performance under various loads is meeting the SLA consistently over a period of time.
iii. Environment & Data Management
Validate whether the application reference data, master data and the transaction data transitioned to cloud.
iv. Application Functioning
Validate each component of each application functions as expected
v. Automated Lifecycle Management
Validate whether application instance is restored automatically in case of hardware failures. Also if application data is restored automatically in case of crashes
vi. Application Coordination with Environment
Validate whether application is well coordinated and configured to ensure redundancy and fail-over
vii. Data Management
Validate cloud providers ability to meet compliance requirements relating to data
Validate data security during transit and storage
viii. Disaster Recovery and Business Continuity
Validate backup plan in the event of cloud outage
Validate business continuity plan for business critical functions in case cloud cannot be accessed
ix. Protection of Data Property Rights
Validate whether private cloud provider has right to access data
x. Security of Application and Data Assets post transition
Validate whether security controls have been enlisted, verified and evaluated
Validate encryption of sensitive data
Validate encryption of remote connections
- Testing objectives/validations and approach should be carefully considered based on target Cloud platform.
- Testing challenges should be carefully examined and addressed
- Testing objectives/validations vary based on application criticality/type, type of target cloud and whether the application is native to the cloud or migrated to cloud.
- Validation checklist should be deployed for each Application migrated to be “Cloud Ready” for production usage.