Testing Cloud Services – How to Test SaaS, PaaS and IaaS – #cloud #bookreview

Testing Cloud Services

How to Test SaaS, PaaS & IaaS
Kees Blokland, Jeroen Mengerink and Martin Pol
(Rocky Nook – paperback, Kindle)

Cloud computing now affects almost all of us, at least indirectly. But some of us have to deal directly with one or more “clouds” on a regular basis. We select or implement particular cloud services for our employers or for our own businesses. Or, we have to maintain those services and fix any problems encountered by co-workers or employees.

Testing Cloud Services, written by three well-experienced test specialists, emphasizes that the time to begin testing SaaS (Software as a Service), PaaS (Platform as a Service), or IaaS (Infrastructure as a Service) is not after you have made your selections. You should begin testing them during the selection and installation processes and keep testing them regularly once they are live.

“Cloud computing not only poses challenges for testing, it also provides interesting new testing options,” the authors note. “For example, cloud computing can be used for test environments or test tools. It can also mean that all test activities and the test organization as a whole are brought to the cloud. This will be called Testing as a Service.”

Their well-written, six-chapter book deals with numerous topics related to using and testing cloud services, including the role of the test manager, identifying the risks of cloud computing and testing those risks, and picking the right test measures for the chosen services.

In Chapter 5, a significant portion of the book is devoted both to test measures and test management. “Testing SaaS is very different from testing PaaS or IaaS,” the writers state. Much of the lengthy chapter focuses on SaaS, but it also addresses PaaS and IaaS, and the authors describe the following test measures:

  • Testing during selection of cloud services
  • Testing performance
  • Testing security
  • Testing for manageability
  • Testing availability/continuity
  • Testing functionality
  • Testing migrations
  • Testing due to legislation and regulations
  • Testing in production

Particularly if you are a newcomer to choosing, testing, and maintaining cloud services, this book can be an informative and helpful how-to guide.

Si Dunn

The Practice of Network Security Monitoring – You’re compromised, so deal with it. #security #bookreview

The Practice of Network Security Monitoring

Understanding Incident Detection and Response
Richard Bejtlich
(No Starch Press – paperback, Kindle)

Security expert Richard Bejtlich’s focus in his new book is not on “the planning and defense phases of the security cycle.” Instead, he emphasizes how to handle “systems that are already compromised or that are on the verge of being compromised.”

His well-organized, well-written, 341-page book aims to help you “start detecting and responding to digital intrusions using network-centric operations, tools, and techniques.”

Bejtlich has long emphasized a “detection-centered philosophy” built around a straightforward central tenet: “Prevention eventually fails.” No matter how many digital walls and moats you build around your network, someone will find a way to tunnel in, parachute in, or sneak in via an unsuspecting employee’s $9.95 thumb drive.

“It’s becoming smarter,” he writes, “to operate as though your enterprise is always compromised. Incident response is no longer an infrequent, ad-hoc affair. Rather, incident response should be a continuous business process with defined metrics and objectives.”

You may recognize some of Bejtlich’s previous books on network security monitoring (NSM): The Tao of Network Security Monitoring; Extrusion Detection; and Real Digital Forensics.

The Practice of Network Security Monitoring is tailored toward two key audiences: (1) security professionals who have little or no experience with NSM; and (2) “more senior incident handlers, architects, and engineers who need to teach NSM to managers, junior analysts, or others who may be technically less adept.”

Readers, he add, should understand “the basic use of the Linux and Windows operating systems, TCP/IP networking, and the essentials of network attack and defense.”

The examples in Bejtlich’s book rely on open source and vendor-neutral tools, primarily from Doug Burks’ Security Onion (SO) distribution.

The 13-chapter book is organized into four parts:

  • Part I: Getting Started – Introduces NSM and sensor placement issues.
  • Part II: Security Onion Deployment – Shows how to install and configure SO.
  • Part III: Tools – Examines the “key software shipped with SO and how to use these applications.”
  • Part IV: NSM in Action – Looks at “how to use NSM processes and data to detect and respond to intrusions.”

Following the technical chapters, Bejtlich offers some concluding thoughts on network security management, cloud computing, and establishing an effective workflow for NSM. “NSM isn’t just about tools,” he writes. “NSM is an operation, and that concept implies workflow, metrics, and collaboration. A workflow establishes  a series of steps that an analyst follows to perform the detection and response mission. Metrics, like the classification and count of incidents and time elapsed from incident detection to containment, measure the effectiveness of the workflow. Collaboration enables analysts to work smarter and faster.”

He also observes: “It is possible to defeat adversaries if we stop them before they accomplish their mission. As it has been since the early 1990s, NSM will continue to be a powerful, cost-effective way to counter intruders.”

Si Dunn

Getting Started with Mule Cloud Connect – To help sort out the chaos of Internet services – #bookreview

Getting Started with Mule Cloud Connect
Ryan Carter
(O’Reilly – paperback, Kindle)

In a digital world increasingly cluttered with Software-as-a-Service (SaaS) platforms, Open APIs, and social networks, complexity quickly can get out of hand.

“It all starts,” Ryan Carter writes in his new book, “with a simple API that publishes somebody’s status to Facebook, sends a Tweet, or updates a contact in Salesforce. As you start to integrate more and more of these external services with your applications, trying to identify the tasks that one might want to perform when you’re surrounded by SOAP, REST, JSON, XML, GETs, PUTs, POSTs, and DELETEs, can be a real challenge.”

Indeed. But never fear, Mule ESB can ride to your rescue and connect you quickly and easily to the cloud. At least, that’s the marketing claim.

Some truly big-name users, it should be noted, are adding credibility to Mule’s claimed capabilities and usefulness as an Open Source integration platform. They include Adobe, eBay, Hewlett-Packard, J.P. Morgan, T-Mobile, Ericsson, Southwest Airlines, and Nestle, to mention just a few.

Meanwhile, riding Mule to the cloud is the central focus of this compact (105 pages), well-written get-started guide. Its author, Ryan Carter, is both a specialist in integration and APIs and “an appointed Mule champion” who contributes regularly to the MuleSoft community.

“Mule,” Carter points out, “is an integration platform that allows developers to connect applications together quickly and easily, enabling them to exchange data regardless of the different technologies that the applications use. It is also at the core of CloudHub, an Integration Platform as a Service(IPaas). CloudHub allows you to integrate cross-cloud services, create new APIs on top of existing data sources, and integrate on-premise applications with cloud services.”

The book is structured so you start off by building a simple Mule application that will serve “as the base of our examples and introduce some core concepts for those unfamiliar with Mule.” Then Carter shows and illustrates how to “start taking advantage of Mule Cloud Connectors.” He includes numerous code examples, plus some screenshots and diagrams.

The book’s six chapters are:

  1. Getting Started
  2. Cloud Connectors
  3. OAuth Connectivity
  4. Configuration Management
  5. Real-Time Connectivity
  6. Custom Connectivity

Carter emphasizes: “Mule Cloud Connect offers a more maintainable way to work with APIs. Built on top of the Mule and CloudHub integration platforms, Cloud Connectors are service-specific clients that abstract away the complexities of transports and protocols. Many complex but common processes such as authorization and session management work without you having to write a single line of code. Although service-specific, Cloud Connectors all share a common and consistent interface to configure typical API tasks such as OAuth, WebHooks, and connection management. They remove the pain from working with multiple, individual client libraries.”

If Mule does not have a connector for a resource that you need, the book shows you how to create your own.

Getting Started with Mule Cloud Connect can get you started on a beneficial ride of  discovery, and it can take you onto the trail that leads to solutions.

— Si Dunn

Enterprise Games – How to build a better 21st-century business with game mechanics – #business #bookreview

Enterprise Games: Using Game Mechanics to Build a Better Business
Michael Hugos
(O’Reilly, paperbackKindle)

Can 21st-century games and gamers attack and destroy the top-down, assembly-line thinking that still keeps many businesses firmly rooted in the previous century?

 Michael Hugos’ compelling new book makes a solid case that they can. Game mechanics, he argues, can reshape how workers work, how organizations are managed, and how business goals get accomplished in today’s volatile global economy.

“Games and the associated technology we currently refer to as video games offer us more than just a diversion and escape from difficult times,” contends Hugos. “They offer us field-tested models to use for organizing companies and performing complex and creative tasks. They offer clear and compelling examples for how people can work together, build their careers, and earn a living in rapidly changing and unpredictable environments.”

Hugos, principal at the Center for Systems Innovation, offers his well-written views in a 199-page book “loosely divided into three parts.”

Part One focuses on “ideas and case studies to illustrate how games can provide operating models to follow for redesigning work.”

Part Two presents “a discussion of games and game mechanics that are relevant to the way work is done.” He includes “specific examples, pictures, and case studies to show how game techniques and technologies can be applied to the design of new business systems and workflows.”

Part Three “describes business and social impacts of combining technology from video games with in-house corporate systems, consumer technology, and cloud computing. The book concludes with a discussion about where this is all going and what it might mean for the future of work.”

During the coming months, Enterprise Games may spur many discussions and arguments at all levels of enterprise. And these may lead to some business-model reorganizations not only in Corporate America but elsewhere in the interconnected global economy.

For these changes to happen, however, many company leaders will have to stop thinking “top down” and learn to adapt “the four traits of a game…goal, rules, feedback system, and voluntary participation” to how they to structure and operate a business.

“We all have a sense of what a game is,” Hugos notes. But most of us also have been taught that “play” is not “work.” Enterprise Games shows how the two concepts can be brought together in ways that can make companies more competitive and more profitable in these uncertain times.

Si Dunn

Understanding IPv6, 3rd Edition – Welcome to the new, improved & BIGGER Internet – #bookreview #microsoft #windows

Understanding IPv6, 3rd Edition
Joseph Davies
(Microsoft Press, paperback, list price $49.99; Kindle edition, list price $39.99)

The Internet can now expand into a much bigger realm than was possible before the worldwide launch of IPv6 (Internet Protocol version 6) on June 6, 2012.

The web most of us use has long relied on IPv4, the circa-1981 Internet Protocol built around 32-bit addresses. This scheme can accommodate approximately 4.3 billion unique addresses worldwide. On a planet where (1) the population now has surpassed 7 billion and (2) many of us now have multiple devices connected to the Web, Internet Protocol version 4 recently has been in dire danger of running out of unique addresses.

IPv6 will fix that problem and offer several important new enhancements, as long as we don’t find ways to expand the Internet to parallel universes or to the people on a few trillion distant planets. IPv6 uses a 128-bit addressing scheme that can accommodate more than 340 trillion trillion trillion unique addresses. So go ahead. Get online with that second iPad, third smart phone or fourth laptop.

IPv4 and IPv6 are now running in a dual stack that supports both addressing schemes. The transition from IPv4 to IPv6 is not seamless, however. A lot of work remains to be done by major Internet service providers (ISPs), web companies, hardware manufacturers, network equipment providers and many others to enable IPv6 on their products and services.

Joseph Davies, author of Understanding IPv6, has been writing about IPv6 since 1999. His new 674-page third edition provides both a detailed overview of IPv6 and a detailed focus on how to implement it, within a limited range of Windows products.

“There are,” he notes, “different versions of the Microsoft IPv6 protocol for Windows….I have chosen to confine the discussion to the IPv6 implementation in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista.”

This well-written and well-organized book is not for beginners. Its intended audience includes:

  • Windows networking consultants and planners
  • Microsoft Windows network administrators
  • Microsoft Certified Systems Engineers (MCSEs) and Microsoft Certified Trainers (MCTs)
  • General technical staff
  • Information technology students

Davies and Microsoft offer downloadable companion content for this book: Microsoft Network Monitor 3.4 (a network sniffer for capturing and viewing frames); and PowerPoint 2007 training slides that can be used along with the book to teach IPv6.

If you need a guide to best practices for using IPv6 in a Windows network, definitely consider getting Understanding IPv6, 3rd Edition.

Si Dunn

Introducing Windows Server 2012 – A guide to what’s coming in a much-anticipated release – #bookreview #microsoft

Introducing Windows Server® 2012
Mitch Tulloch with the Microsoft Server Team
(Microsoft Press, paperback, list price $14.99; Kindle edition,
list price $0.00)

 The anticipated release date for the new version of Microsoft Server®  is sometime between the third quarter of 2012 and early 2013. And this book’s introduction hails it as “probably the most significant release of the Windows Server platform ever.”

Windows Server® 2012, it states, will offer “an innovative new user interface, powerful new management tools, enhanced Windows PowerShell support, and hundreds of new features in the areas of networking, storage and virtualization.”

There also will be major emphasis on cloud computing. The product has been “designed for the cloud from the ground up and provides a foundation for building both public and private cloud solutions,” the book declares.

Introducing Windows Server® 2012 is “based on beta,” according to the cover disclaimer. And, according to the author, the book  “represents a ‘first look’ based on the public beta release of Windows Server 2012 and is intended to help IT professionals familiarize themselves with the capabilities of the new platform.”

The 235-page book is divided into five chapters:

  • Chapter 1 presents “The business need for Windows Server® 2012.” Not surprisingly, the main focus is on cloud computing and multi-server platforms.
  • Chapter 2’s focus is “Foundation for building your private cloud” and how the new product can provide “a solid foundation for building dynamic, highly scalable, multi-tenant cloud environments.”
  • Chapter 3 looks at the Windows Server® 2012 features and capabilities that can create a “[h]ighly available, easy-to-manage multi-server platform.”
  • Chapter 4 discusses how you can use the product to “[d]eploy web applications on premises and in the cloud,” with its “scalable and elastic web platform” and “[s]upport for open standards.”
  • Chapter 5 focuses on Windows Server® 2012 features and capabilities that are key to “[e]nabling the modern workstyle.” The author states: “Today’s business users want things simple. They want to be able to access their desktop applications, and data virtually anywhere, from any device, and have the full Windows experience. And from an IT perspective, this must be done securely and in ways that can ensure compliance at all times.”

Since this book is a “first look” written prior to the ready-to-manufacture (RTM) date, some of its screenshots, feature descriptions and stated capabilities may differ somewhat from the product that will be released.

But this overview can be a useful – and inexpensive — guide to have handy while considering whether to move to, or upgrade to, Windows Server® 2012.

Si Dunn

Learning iOS Programming, 2nd Ed. – Updated to cover iOS 5, iPad, iPhone, iPod Touch – #programming #bookreview

Learning iOS Programming, 2nd Edition
By Alasdair Allan
(O’Reilly, paperback, list price $34.99; Kindle edition, list price $27.99)

Alasdair Allan’s popular iOS programming book recently has been updated to cover iOS 5. And it has a new name. (The first edition was titled Learning iPhone Programming.)

“The changes made in this second edition reflect the fact that a lot has happened since the first edition was published: the release of the iPad, a major release of Xcode, two revisions of the operating system itself, and the arrival of Apple’s iCloud,” the author notes. “This book has therefore been refreshed, renewed, and updated to reflect these fairly fundamental changes to the platform, and all of the example code was rewritten from the ground up for Xcode 4 and iOS 5 using ARC.”

Allan’s book – well-written and appropriately illustrated – is structured to provide “a rapid introduction to programming for the iPhone, iPod touch, and iPad,” and it assumes that you have some familiarity with C or a C-derived language, as well as a basic understanding of object-oriented programming.

And the pace is fast. By chapter 3, you are building the requisite “Hello, World” application and running it in iPhone Simulator.

In that same chapter, Allan also introduces the basic syntax of Objective-C and highlights some of the “rather strange” ways that it deals with method calls. He discusses how the Cocoa Touch framework underlying iOS applications “is based on one of the oldest design patterns, the Model-View-Controller pattern, which dates from the 1970s.” And he warns that “[a]ttempting to write iOS applications while ignoring the underlying MVC patterns is a pointless exercise in make-work.”

Learning iOS Programming, 2nd Edition does not emphasize web-based applications. It centers, instead, on creating native applications using Apple’s SDK. “The obvious reason to use the native SDK,” Allan states, “is to do things that you can’t do using web technologies. The first generation of augmented reality applications is a case in point; these needed close integration with the iPhone’s onboard sensors (e.g., GPS, accelerometer, digital compass, and camera) and wouldn’t have been possible without that access.”

He emphasizes a financial reason, as well. “Consumers won’t buy your application on their platform just because you support other platforms; instead they want an application that looks like the rest of the applications on their platform, that follows the same interface paradigms as the rest of the applications they’re used to, and is integrated into their platform.”

He adds: “If you integrate your application into the iOS ecosphere, make use of the possibilities that the hardware offers, and make sure your user interface is optimized for the device, the user experience is going to be much improved.”

Hard to argue with that.

Learning iOS Programming, 2nd Edition provides the steps necessary to develop and market your first iOS application. Allan notes: “Until recently, the only way to obtain the iOS SDK was to become a registered iOS developer. However, you can now download the current release of Xcode and the iOS SDK directly from the Mac App Store.”

Of course, if you intend to distribute your applications “or even just deploy them onto your own device, you will also need to register with Apple as a developer and then enroll in one of the developer programs.”

You may need some system upgrades, as well. To develop apps for the iOS, you’ll need an Intel Mac running OS X 10.6 (“Snow Leopard”) or later. If you plan to create apps that use Apple’s iCloud, you’ll need OS X 10.7 (“Lion”) or later.

One other recommendation from Allan: If you’re truly serious about being an iOS developer, consider also registering with the Mac Developer Program.

#

Si Dunn is a novelist, screenwriter, freelance book reviewer, and former software technical writer and software/hardware QA test specialist. He also is a former newspaper and magazine photojournalist. His latest book is Dark Signals, a Vietnam War memoir. He is the author of an e-book detective novel, Erwin’s Law, now also available in paperback, plus a novella, Jump, and several other books and short stories.