In a service oriented architecture (SOA), every part acts as an independent component to create a heterogeneous system altogether. Although a popular technology today, for its effective functioning, your SOA needs to be tested across different systems and applications in the enterprise.
But the process of testing the SOA is not free of challenges. Some of the SOAs are data driven whilst some others are application driven and also have a user interface (UI) to test. Other aspects that may create hurdles are compliance, security, and the inter-dependencies that form the whole architecture.
Unlike normal application testing, SOA testing calls for high domain expertise on the part of the testing professional. The SOA tester should be able to test and see that the SOA befittingly meets the business requirements. The tester should understand the need for the deployment, the parameters that SOA will operate on, and what the final outcome should precisely be.
The V model of SOA testing
This model takes both the approaches: top-down and bottom-up. For example, you have a user requirement from which you prepare a UAT (user acceptance testing). Then you prepare the requirement specifications and then the function specifications. This is the top down approach. For the bottom up approach, you will first do the unit testing, the integration testing, and lastly the acceptance testing. In this model, the V model, the facets of testing--the UAT, integration and systems testing, requirement and function testing--are all undertaken but which one comes first may differ.
This model is applicable to any kind of system testing and covers the whole lifecycle of the development. Other areas of testing which are specific to an SOA environment like security testing, governance testing, process architecture level testing, and service level component testing are all easily incorporated into this model.
Check if your SOA testing has all the following steps:
- Governance testing: In this step, you need to check if the SOA meets all the business policies, audit policies, SOX, SaaS, infrastructure policies like data disaster recovery and back-up.
- Service component level testing: This will be the review by the users to check that the SOA meets the quality level expected by the business and meet standards.
- Service level testing: This is functional testing to check the performance level and application security.
- Integrated testing: This is to ensure that the system and the SOA are well integrated and that there are efficient layers of communication between the two. This step helps you make sure that functional protocols are met.
- Architecture testing: In this step, the tester checks if the business logic, sequence, exceptional handling, process composition are met.
- System level testing: This is to ensure user acceptance and to figure out how the SOA behaves and responds under the various conditions that it needs to be invoked.
- Security testing: This helps you combine the government’s regulations and other security aspects of the system by internal standards.
Certain SOAs cannot be invoked directly because they lack UI like for Web services or other such components. Here, the UI will have to be developed in-house to test it or you may involve a third-party service provider to do so.
And finally, here is a small success tip: Keep a written document detailing all the steps and difficulties faced during the testing process. Also add to this log, the business rules that need to be complied with (for the SOA). Remember that tweaks and changes will have to be made and new areas will have to be tested even after you move into production.
About the author: Suraj Dubey is the vice president at Osource India and oversees the planning and continual alignment of IT systems to strategic business drivers. He is responsible for the execution, implementation, and delivery of service / software solutions for Osource customers. Prior to joining Osource, Suraj worked with the Indian Air Force as a Combat Member for over a decade, wherein he was involved in information security and software project development. He is post graduate in Software Engineering and holds ISO 27001 LA and CISA certifications.
(As told to Sharon D'Souza)
This was first published in March 2012