@DevOpsSummit Authors: Liz McMillan, Pat Romanski, Dalibor Siroky, Jignesh Solanki, Dana Gardner

Related Topics: @DevOpsSummit, Containers Expo Blog

@DevOpsSummit: Blog Post

How API Testing Helps the Netherlands | @DevOpsSummit #API #DevOps

Learn how they reduced testing time for new releases from 3 weeks to just 1 day

How API Testing Helps the Netherlands Ensure the Security and Reliability of its Nationwide ID System

The Netherlands recently rolled out a new personal identification system, dubbed the Citizen Service Number (CSN), on a nationwide basis. The CSN is used by health care organizations, governmental entities and immigration officials to ensure proper identification and enable the provision of relevant services.

Considering the importance of this advanced system to the welfare and support of all citizens, the Dutch Ministry of Internal Affairs, which was responsible for its roll out, focused on ensuring that the system's performance was exceedingly high. Fortunately, the ministry was able to meet its ambitious objectives within a demanding time frame.

Using the top-ranked functional test automation / API testing tool, the organization reduced testing time for new releases of CSN from three weeks to just one day. This enabled the ministry to accelerate the project's completion while maintaining top levels of software quality. Through regression and load testing, the organization has certified the system's ability to handle 100 million transactions a year with a peak load of 200 transactions per second.

Challenge: Build a Robust and Secure CSN System
When the Dutch government decided it needed a new system for integrating and managing citizen records and information for identification purposes, it turned to the Ministry of Internal Affairs. The organization, one of 13 government ministries in The Netherlands, is responsible for ensuring the integrity of personal records and documents including travel documents and passports. Agency BPR, a unit overseeing personal document management within the ministry, was given the task of designing, developing and certifying a new system that could handle this momentous task.

The high profile initiative, which would be known as the Citizen Service Number (CSN), demanded that the ministry build a highly robust and secure system within an aggressive timeframe. Not only will performance of the system be closely observed upon roll out, expectations will be extremely high. There is little margin for error. Given these requirements, the ministry recognized early that it would need to take an advanced approach toward software quality management.

Clearly, the stakes were high. "This was going to become the only identification number for citizens of The Netherlands," says Hedde van der Lugt, the CSN project leader in Agency BPR. "It needed to enhance the efficiency of government and improve services to citizens. We were responsible for ensuring the integrity of the system."

At launch time, the initiative's project team was clearly off to a successful start in terms of its programming efforts. It was software testing that needed to be rethought. Test data was being laid out in Excel spreadsheets, which then had to be laboriously copied into current testing tools for regression and load testing. "We released software quickly, but testing was slow in relation to release frequency," adds van der Lugt. "We needed a testing solution to help us gain time."

Given the manual nature of existing approaches, it was taking more than three weeks to complete all functional tests. That was an unacceptably slow pace. So, the ministry's system development team began exploring other alternatives.

Action: Selecting an Automated API Testing Tool that Suited Their Needs
In a thorough assessment of market options, Agency BPR examined proprietary and open source products from an array of sources. It considered multiple technical and security criteria. It also looked at the availability of local service and support. Finally, it took pricing and cost effectiveness into consideration.

Ultimately, the unit concluded that Parasoft's API Testing solution was the appropriate solution to its challenges. Other tools required extensive scripting or performed poorly in relation to SSL security protocols, or simply cost too much to license.

The Parasoft API Testing solution enabled the effective automation of performance, stress and load testing - critical to ensure the robustness and security of the system. "Parasoft's API Testing solution was clearly the easiest product to work with," says Martin Folkerts, the project's test coordinator. "That was a key issue for us. The users of the testing tools were not programmers. We knew the tool had to be very user friendly."

The ministry chose to apply API Testing in multiple ways. First, the development group conducted regression tests, ensuring no defects had been introduced in new versions and that previously verified code continued to meet its specifications. Second, they performed load and stress testing to ensure that the system was robust enough to meet exacting demands. Finally, they completed functional testing once their application development partner completed each new release.

Using this test automation, new releases installed in production are accessed by a 10 minute "go, no go" test run to determine the correct installation in production. If there are errors that remain to be corrected, the software code can be sent back to the partner. But if the release is demonstrably stable and secure, then it is incorporated into the system.

Folkerts describes the actual deployment of Parasoft's API Testing solution as "very easy." As he explains, "The only thing we had to do was put the test data in a format that the solution could easily read. Then, I made a document explaining Parasoft's API Testing solution to our team in a couple of days. It was a fairly easy transition. Before this, the testers had to do a lot of copying and pasting so they were very happy with this new approach."

Results: Speeding Up the Software Development Lifecycle
The payoffs associated with the Parasoft investment have proven very significant. Most importantly, the introduction of Parasoft's API Testing solution reduced functional testing periods from three weeks to merely one day. "The software offered us significant gains in productivity," says van der Lugt. "We could generate many more release test cycles within a given timeframe."

Indeed, the ministry's development team also saw the productivity of its testing group rise measurably. "The work changed from manual labor to the development of interesting test cases," says Folkerts. "A lot of manual labor disappeared and was outmoded. This enabled us to speed up the development cycle. We could now generate a release every three days instead of every three weeks."

Such efforts represented huge wins for the ministry charged with the monumental task of rolling out the new system to serve 16 million Dutch citizens. Through a combination of regression, functional and load testing, the organization has certified the system's ability to handle 100 million transactions a year with a peak load of 200 transactions per second.

Parasoft's automated testing infrastructure enabled the ministry to easily leverage functional test cases into load tests to simulate a realistic load on the system. The development team's ability to perform high quality load tests in an automated fashion, meanwhile, clearly accelerated the project's completion.

"It's essential that the integrity of the system is guaranteed," says van der Lugt. "We believe Parasoft's API Testing solution has helped us to guarantee 100% reliability of this system in a more rapid fashion than otherwise would have been possible. It's a valuable product that has covered all our needs."

More Stories By Cynthia Dunlop

Cynthia Dunlop, Lead Content Strategist/Writer at Tricentis, writes about software testing and the SDLC—specializing in continuous testing, functional/API testing, DevOps, Agile, and service virtualization. She has written articles for publications including SD Times, Stickyminds, InfoQ, ComputerWorld, IEEE Computer, and Dr. Dobb's Journal. She also co-authored and ghostwritten several books on software development and testing for Wiley and Wiley-IEEE Press. Dunlop holds a BA from UCLA and an MA from Washington State University.

@DevOpsSummit Stories
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, provided some practical insights on what, how and why when implementing "software-defined" in the datacenter.
ChatOps is an emerging topic that has led to the wide availability of integrations between group chat and various other tools/platforms. Currently, HipChat is an extremely powerful collaboration platform due to the various ChatOps integrations that are available. However, DevOps automation can involve orchestration and complex workflows. In his session at @DevOpsSummit at 20th Cloud Expo, Himanshu Chhetri, CTO at Addteq, will cover practical examples and use cases such as self-provisioning infrastructure/applications, self-remediation workflows, integrating monitoring and complimenting integrations between Atlassian tools and other top tools in the industry.
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology stack to make software development their differentiating factor. Thus microservices architecture emerged as a potential method to provide development teams with greater flexibility and other advantages, such as the ability to deliver applications at warp speed using infrastructure as a service (IaaS) and platform as a service (PaaS) environments.
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud hosts. This BriefingsDirect cloud services maturity discussion focuses on new ways to gain container orchestration, to better use serverless computing models, and employ inclusive management to keep the container love alive.
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, which can process our conversational commands and orchestrate the outcomes we request across our personal and professional realm of connected devices.