Authors: Kees Blokland, Jeroen Mengerink, Martin Pol
Publisher: Rocky Nook
Pages: 184
Audience: IT managers
ISBN: 978-1937538385
Print: 1937538389
Kindle: B00FEQLODC
Rating: 4 
Reviewer: Kay Ewbank

How can you ensure a cloud service does what you want it to do?

Testing an app or service that lives within boundaries that you govern is hard, but testing a cloud service that you want to use presents a whole extra set of uncertainty. This book has a subtitle of how to Test SaaS, PaaS & IaaS, and the authors aim is to highlight the risks that are particular to working in the cloud, and how you can test those areas.  

This is a fairly slim book that has just six chapters, but the material in it is well written and to the point. There’s a brief introduction, followed by an explanation of what cloud computing actually is, and the different service and implementation models. The role of the test manager is explained in a chapter that is a lot more interesting and useful than the title suggests. As elsewhere in the book, the authors make good use of checklists and questions that should be asked. There’s a good description of how to create realistic end to end testing for a cloud system, and what tasks should be included when selecting, implementing, and running a production version of a service.

For most developers, the real material of the book starts with Chapter 4, titled from Risk to Test. The authors discuss several different categories of risk – performance, security, availability and continuity, functionality, maintainability, legislation, and suppliers and outsourcing. For each risk they break the overall risk into specific likely risks within that category, and give links to the tests (later in the book) that you should run to check for that particular risk. A risk table is shown for each category, with all the risks and the tests laid out.  

 The next chapter, Test Measures, essentially discusses the tests that you can do, and that are referred to in the previous chapter. The suggested tests include tests to run when you’re comparing service providers with a view to selecting one; performance measures such as load, stress, and elasticity. The security tests discuss testing authentication, encryption, and robustness against attacks. Manageability tests consider how to keep the service and processes around it in working order, while the section on availability and continuity testing has a good description of the difference between the two, and how to carry out failure mode and effect analysis (FMEA). The functionality testing section is mainly aimed at platform and infrastructure as a service, with different emphasis depending on whether you expect your service provider to keep the in-house software operational, or keep the environment operational. The chapter ends with sections on how to test migration processes, and how to take account of legislation and regulations.

This book was a lot more interesting than I expected. The discussions were down to earth and useful, and I can imagine a lot of IT managers finding the checklists of questions and tests invaluable. For developers, it’s less directly relevant, but still interesting and a good guide to formalizing your own testing regime.