On Quality

I recently sat down with Fritz Nelson of InformationWeek and walked him through a demo of CAST.

I tried to explain as clearly as I could the value of CAST to CIOs and their IT organizations.

To see the video click here.

A recent Booz Allen economic study highlights two key drivers of cost savings in a cloud environment: the speed at which you migrate your applications to the cloud and the extent to which you can reduce the internally-managed infrastructure supporting these migrated applications. The faster the better; the greater the reduction of internally-managed infrastructure the better.

But even before you get to the speed of migration, there’s a more fundamental question to answer: Which applications are suitable for migration to the cloud? Answering this question will depend on the specifics of your application portfolio and your (and your business’) appetite for risk. In particular, you’ll have to find the right balance between cost reduction and performance and security issues.

Here is how CAST’s quality metrics can inform your migration plan.

A CAST analysis can determine which applications are ready for cloud migration and vet the performance of those applications before you put it on the cloud. Once on the cloud, CAST enables you to painlessly monitor your application’s performance to ensure you are not wasting your money.

a. Understand how well the application will perform, measure robustness, performance, and security. Some of these factors can be exacerbated in a cloud environment; best to know that before you migrate. Also keep in mind that cloud hosts can kick you off the cloud if they determine that your application puts others on the cloud at risk.

b. In measuring quality, CAST can also quickly highlight and measure the drivers of application costs. Some of these cost drivers remain whether you’re on the cloud or not, so it’s important to know about them from the start.

c. If cloud is a cost cutting measure, use CAST metrics to make sure you’re not burning more MIPS, using more memory, and transferring more data than you should.

Use application quality information to make the best migration decision.

Kickoff 2010! Every year, the entire company gathers in one physical location to strengthen relationships, forge new ones, and internalize CAST’s values and goals. Kickoff 2010 was super! I was delighted to meet some good friends and make many new ones.  The intelligence and creativity of CAST folks is impressive — no wonder we are THE Application Intelligence company.

We spent the day at La Maison de la Chimie in a spectacular auditorium. It was a long day, packed with creative presentations, two short CAST adverts, and a CAST theme song! C-A-S-T for IT!

Maison de la Chimie Auditorium

We had dinner at la Maison des Polytechniciens.

La Maison des Polytechniciens

You can see more pictures on the CAST’s Facebook page. Send me your pictures!

Yesterday CAST  hosted a breakfast for IT leaders in government agencies – one of the themes was moving applications to the Cloud.  I was surprised (and relieved) to see so many agencies represented – FEMA, DHS, SEC, NASA, and the Defense Intelligence Agency just to name a few. 

Based on yesterday’s conversation and the questions from the audience, I’m even more convinced this is something companies are going to keep asking us about.  The considerations around reliability, security and maintainability don’t change when you move applications to the Cloud – if anything they become more serious. 

I’m certain this is going to be a theme for 2010 and luckily for me, CAST belongs in this conversation.

Our customers will need guidance on which applications make sense to move and which don’t – and how to make sure those applications they migrate to the Cloud don’t pose risks or compromise performance. 

To hear more about our thoughts on cloud, see Jitendra’s knowledgeable and clever post, ‘Cloud – is that something you might be interested in?’

If you’re interested in the presentations from yesterday, comment and I’ll send them to you.  Because it was so popular we might record a web session, but for the private sector. Stay tuned!

If you’ve been in any airport in the last few years, you’ve seen ads from HSBC – the global bank that prides itself on local knowledge.

The point is, context matters. The same outfit means opposite things depending on where you are or who you’re with. The same thing applies to software quality. Quality is not just a local thing — only when you have global knowledge can you act effectively on the local level.

Two of my colleagues, Olivier Bonsignour and Bill Curtis recently wrote an article explaining this at length. Here is a summary of their excellent article — well worth checking out in full.

“Quality is not an intrinsic property of code: the exact same piece of code can be excellent in quality or highly dangerous depending on the context in which it operates. Analyzing the quality of modern applications in the context of the numerous interconnections with other code, databases, middleware, and APIs is monstrously complex. It can only be accomplished with automated software that analyzes the inner structure of all components and evaluates their interactions in the context of the entire business application.”

They go on to show the quality problems that arise when context is ignored. Again, I’ll summarize. You can find the detailed examples here.

Typical application quality problems are listed below to clarify the distinction between application and code quality. Performance testing alone is not sufficient to detect these application quality problems.

A. Bypassing the Architecture. Components in one tier of a multi-tier application are typically designed to access components in another tier only through an intermediate “traffic management” component. Bypassing this traffic management component will usually result in a cascade of problems.

B. Failure to Control Processing Volumes. Applications can behave erratically when they fail to control the amount of data or processing they allow.  This problem is often caused by a failure to incorporate controls in each of several different architectural tiers.

C. Application Resource Imbalances. When database resources in a connection pool are mismatched with the number of request threads from an application, resource contention will block the threads until a resource becomes available, tying up CPU resources with the waiting threads and slowing application response times to a crawl.

D. Security Weaknesses. Applications are vulnerable to security attacks when they lack appropriate sanitization checks on user inputs in all relevant tiers of the application.

E. Lack of Defensive Mechanisms. Since the developers implementing one tier cannot anticipate every situation, they must implement defensive code that sustains the application’s performance in the face of stresses or failures affecting other tiers.  Tiers that lack these defensive structures are fragile because they fail to protect themselves from problems in their interaction with other tiers.

Each of these application quality problems will result in unpredictable application performance, business disruption, data corruption, and make it difficult to alter the application in response to pressing business needs. Reliably detecting these problems requires an analysis of each application component in the context of the entire application as a whole – an evaluation of application rather than code quality.