Five critical tests for cloud application performance, security
To keep end users happy, dev teams should regularly test the performance and security of cloud-hosted applications. Tools from cloud providers and third-party vendors can help.
When it comes to cloud application performance, you never want to just cross your fingers and hope for the best. Instead, development teams should regularly, and thoroughly, conduct tests to ensure applications meet the expectations of end users and the business.
While app testing can be tedious, it's worth it. Otherwise, poor performance and security vulnerabilities can negatively affect your bottom line. Here's an overview of five types of tests that are crucial to ensure high-performing and secure cloud applications, as well as some tools that can help you conduct them.
Stability is a major factor for cloud applications, given that they often need to support hundreds -- or even thousands -- of simultaneous users. A load test is a good way for development teams to determine how cloud applications run under varying loads and user requests. Enterprises should run this test regularly when the load is high to accurately measure application response time.
Public cloud providers offer tools to help perform load tests. The Microsoft Azure portal, for example, integrates with Visual Studio Team Services, which you can use to test cloud application performance. With a few clicks, the service simulates workloads for users who visit your website, and then reports how many requests have failed or are slow to respond. Enterprises can then view these results in a real-time dashboard.
IBM integrates with a third-party tool, called Load Impact, to perform these kinds of tests on its cloud platform. Users create an account and then conduct and track both load and stress tests via the Load Impact Dashboard.
Stress tests ensure that your public cloud-hosted applications can continue to be effective, even under excessive load or unfavorable circumstances. For example, retail organizations should perform a stress test before important events, such as Black Friday, to ensure the application can handle large traffic spikes. In most cases, a DevOps team will perform a stress test and handle the process of load simulation.
These types of tests are especially important in public cloud, given that it's a multi-tenant environment, where users share infrastructure. Cloud, in general, also offers a more cost-effective way to perform these kinds of tests, compared to a complex, on-premises testing lab.
Hewlett Packard Enterprise's LoadRunner is a well-known stress testing tool that can simulate thousands of concurrent users. Another example is Apache JMeter, which lets development teams actively simulate, and monitor, huge spikes in traffic.
Third-party load testing tools, such as Blitz, are also available.
Functional tests are all about user experience. They evaluate whether public cloud-hosted applications meet business requirements and work as intended. Two common types of functional tests include system unit testing and user acceptance testing.
With system tests, developers check that the individual modules of an application work properly -- a process that might include tests on some hardware and software components. User acceptance tests evaluate how the application performs for its intended, real-world audience. Users typically appreciate it when you involve them in this type of cloud application performance test because it shows that you care about their experience.
Enterprises should also ensure proper interoperability during functional tests and check that applications can run efficiently on different platforms, or as they move from one cloud provider to another.
Enterprises -- typically the networking team -- perform this type of test to ensure acceptable latency between an end-user request and cloud application response time. For example, a team could test the latency between your application's IP location and any Azure data center across the globe, using the Azure Latency Test service. Third-party tools, such as CloudHarmony, can also help assess latency.
While not directly related to cloud application performance, security tests are also critical to prevent vulnerabilities from negatively affecting users. Penetration tests, for example, simulate activity from a malicious user to identify vulnerabilities, such as cross-site scripting.
You might have to get permission from your public cloud provider to run such tests, as they can sometimes be indistinguishable from real-life events. For example, in AWS, you need to complete the AWS Vulnerability/Penetration Testing Request Form before you begin. Enterprises can also opt to have Amazon perform a security vulnerability assessment on their behalf via the Amazon Inspector service.
Developers should always involve their security team before they begin to perform these types of tests.