20080403 hans wallentin.ppt
DESCRIPTION
TRANSCRIPT
© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Hasses hörna...
Hans Wallentin
HP Software
Agenda
•What’s new in Quality Management?−Quality Center
−Performance Center
−Application Security Center
•The BTO Symphony
2 Confidential & Proprietary
3 April 8, 2023
HP Software BTO centers
Business outcomes
APPLICATIONSSTRATEGY
Project & Portfolio
Management Center
CIO office
CTO office
SOACenter
SAP, Oracle, SOA, J2EE, .NET
QualityCenter
PerformanceCenter
Application Security Center
Quality management
OPERATIONSBusiness service
managementIT service
management
Business Availability
Center
Operations Center
Network Managemen
t Center
Service Managemen
t Center
Identity Center
Client Automation
Center
Data Center Automation
Center
Business service
automation
Universal CMDB
Operations OrchestrationQualityCenter
PerformanceCenter
Application Security Center
© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
BTO Applications Roadmaps
APPLICATIONS
SAP, Oracle, SOA, J2EE, .Net
QualityCenter
PerformanceCenter
Application Security Center
Quality Management
5
HP Quality Center
Foundation
Shared data repository
Central administration
Workflows Open APIs
TestDirector for Quality Center
Dashboard
HP Quality Center
Center Management
Core modules Add-on modules
Functional TestingQuickTest
ProfessionalWinRunnerService Test
SOA Testing
QAInspect
Security Testing
Release Mgmt.
Requirement Mgmt.
Risk-basedTest
Mgmt.
Defect Mgmt.
BusinessProcessTesting
ServiceTest
Mgmt.
QA LabMgmt.
SAP ChangeImpact Testing
HP Restricted & Subject to Change without NoticeJanuary 2008
Quality Center News• TestDirector version 9.2
−Released Q3 2007
• QTP version 9.5−Released Q1 2008
• AJAX – Web Extensibility, Firefox 3, Oracle Apps 12i, etc.
• Process Guidance, Maintenance Mode, Checkpoint
• BPT 4 SAP
• WinRunner EOS
6 Confidential & Proprietary
77
Process Guidance• Adding best practices to
QTP
• QuickTest will be shipped
with several built-in
processes.
• Keyword driven testing
• Business process
testing
• QTP helps you define and
propagate your company
processes to your
colleagues and partners
• Easily create your own
process
• How to create your own
process guidance
HP and Partner Internal Use
88
Maintenance Run Mode
HP and Partner Internal Use
99
Checkpoint Management
• Checkpoint and Output objects are now stored in
and managed through the Object Repository
• Shared Checkpoint and Output using Shared Object
Repository
HP and Partner Internal Use
1010
All-in-one QuickTest Installation
• All QuickTest Add-ins come together with QTP on a single
DVD
• Improved silent
installation
• Pure MSI installation for
easy distributed
deployment
HP and Partner Internal Use
BPT 4 SAP - Objectives
Create a solution that will allow the business analyst (a non-technical user) to:
11 April 8, 2023
Quickly and efficiently create a suite of tests that run against the SAP
environment
Use these tests to validate SAP customizations
Update the relevant tests when necessary in a simple and efficient way
Components for the Flow are automatically created, with the appropriate parameters
and default values
Components for the Flow are automatically created, with the appropriate parameters
and default values
WinRunner EOS• End-of-support for HP WinRunner - all
versions, all editions on February 15, 2008. • Customers who are paying full support for
their WinRunner licenses will be entitled to an equivalent Functional Test license at the end of the renewal period for their WinRunner license.
• Full support will be available until August 1, 2009. Limited support will be available from August 1, 2009 to January 1, 2011
17 Confidential & Proprietary
18
HP Performance Center
Foundation
User/privilege management
Infrastructure management Central repository Global access and
collaboration
Dashboard
HP Performance Center
Center Management
Demand Project Resource
Diagnostics
J2EE .NET SOA SAP Oracle
LoadRunner/Performance Center
VuGen Controller Load Generator Analysis Monitors
HP Restricted & Subject to Change without NoticeJanuary 2008
Performance Center News• Performance Center / LoadRunner 9.1
−Web 2.0 enhancements• Flex support
• Ajax frameworks
−Protocol SDK recording
−Click’n Script protocol support
19 Confidential & Proprietary
For HP and Partner Internal Use. May not be shared externally.
Visual Script Creation Environment
•The Click & Script technology family:
• Web C&S• PeopleSoft C&S• AJAX C&S• SAP C&S • Oracle C&S
Faster Learning
CurveShorter
Development Time
More Users Enabled
21
HP Application Security Center
Foundation
Dashboard
HP Application Security Center
Assessment Management Platform
Policy and compliance
Centralized administratio
n
Vulnerability and risk
management
Alerts and reporting
Distributed scanning
DevInspect
Microsoft Visual Studio
Eclipse
IBM RAD
QAInspect
HP Quality Center
HP Functional
Testing
Intelligent engines
SecureBase
Security toolkit
Open APIsSmartUpdateReportingHybrid
analysis
WebInspect
HP Restricted & Subject to Change without NoticeJanuary 2008
22 April 8, 2023
HP + SPI Dynamics
• SPI Dynamics had been a long-time partner of HP (Mercury)
• Extends our application portfolio and quality management solutions with new control
• Addresses the growing demand for increased application security
• Delivers an integrated market-leading solution that targets security, development, QA and operations teams
A leader in web application security lifecycle solutions
Source: Published analyst rankings; HP estimates
23 April 8, 2023
Application security is weakness in security
Security is many things to many people
• Network layer• ID theft• Physical• Administrative• Patches• Infrastructure• Denial-of-service attacks• Hacks• Worms and viruses• Terrorism (cyber or physical
Figure 1. Security 101
Network
Application
Database server
Web server
Application server
Operating system
75 percent of hacks occur at
the application
level
Source: Gartner (November 2005)
24 April 8, 2023
Enterprise application security assurance
24
Assessment Management Platform
Source code validation
Source code validation
QA, integration
testing
QA, integration
testing
Production assessmentProduction assessment
DevInspect QAInspect WebInspect
PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest
Enterprise security assurance and reporting
Application Security Center lifecycle coverage
25 April 8, 2023
HP DevInspect
• Find security defects in development−Source code analysis + black box testing = Hybrid Analysis
• Fix using HP SecureObjects code library• Integrations available for leading IDEs
−Microsoft Visual Studio, OBM Rational Application Developer, Eclipse, C#, Visual Basic, .NET, Java
• Integrates with HP Application Management Platform for management and reporting
Find, fix and protect: Accelerate more secure application development
PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest
26 April 8, 2023
HP DevInspect: Hybrid Analysis
In this example, source code analysis identifies input that black box testing determines is vulnerable to SQL injection.
27 April 8, 2023
HP QAInspect
• Automatic security defect detection: Find and prioritize security defects
• Built-in security expertise: Combine daily updates for vulnerability checks with Intelligent Engines
• Comprehensive defect reporting: Get detailed information and remediation advice for each vulnerability
• Regulatory compliance support: Use reports for more than 20 laws, regulations and best practices, including Sarbanes-Oxley Act (SOX), HIPAA and Payment Card Industry (PCI) Data Security Standard (DSS)
• Integrates with HP Quality Center, HP TestDirector for Quality Center, HP QuickTest Professional, HP WinRunner and HP Business Process Testing
• Integrates with HP Application Management Platform for management and reporting
Find security defects during QA testing
PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest
28 April 8, 2023
HP Quality Center: integrated testing• Easily add
security tests to your existing testing plans
• Run all QA tests from HP TestDirector or HP Quality Center
29 April 8, 2023
HP Quality Center: embedded configuration• Use an
embedded configuration user interface
• Dynamically pull details from HP TestDirector and HP Quality Center customizations
30 April 8, 2023
HP Quality Center: built-in security expertise• Detailed descriptions of security defects • Vulnerability summary, fix details, severity and others
31 April 8, 2023
HP WebInspect
• Find security defects during production• Detailed reporting and compliance
−More than 20 major regulations, including Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley Act (SOX) and HIPAA
• Extensible, custom check wizard• Advanced penetration tester toolkit• Integrates with HP Application Management
Platform for management and reporting
For security professionals and advanced security testers
PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest
32 April 8, 2023
HP WebInspect 7.5 overview
33 April 8, 2023
HP Assessment Management Platform
• Manage the assessment process• Plan and mitigate risk• Enable virtual, global teams across the lifecycle• Centralize scanning administration• Scale the assessment process• Track and manage using sophisticated reports
Assess and manage application security risk across the enterprise
PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest
34 April 8, 2023
HP Assessment Management Platform
• Configurable dashboard−Users can get
the snapshot view they need to make decisions
−Users can add or remove parts, reorganize information and create their own graphs
Manage global, virtual security teams with a web user interface
© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
BTOSymphony
36 January 200836
HP Software BTO system
Business outcomes
APPLICATIONSSTRATEGY
Project & Portfolio
Management Center
CIO Office
CTO Office
SOACenter
SAP, Oracle, SOA, J2EE, .Net
QualityCenter
PerformanceCenter
Application Security Center
Quality Management
OPERATIONSBusiness Service
ManagementIT Service
Management
Business Availability
Center
Operations
Center
Network Management
Center
Service Management
Center
Identity Center
Client Automation Center
Data Center
Automation Center
Business Service
Automation
Universal CMDB
Operations Orchestration
The industry’s most comprehensive IT management portfolio
37 January 200837
APPLICATIONSSTRATEGY
SOACenter
QualityCenter
PerformanceCenter
Application Security Center
OPERATIONS
Business Availability
Center
Operations
Center
Network Managemen
t Center
Project & Portfolio
Management Center
Service Managemen
t Center
Identity Center
Client Automation Center
Data Center
Automation Center
1. Common orchestration system
2. Common virtual data model
3. Common extensibility interfaces (SOA/Web Services APIs)
End-to-end automation to maximize IT efficiency and business value
The BTO approach to integration
38 January 2008
BTO Configuratio
n Management
BTO Data
Warehouse
SOA architecture implementation with shared
architectural services
SOA reference architecture and shared architectural services
Cross-portfolio reporting and
analytics
Integration strategy focus
Orchestrations & composition of solutions
BTO Center A
Single common
data model
Standard ETL
technology
Embedded reporting and operational data
store
BTO Center B
BTO Center A
Standard reporting
and analytics
technology
Common service
definitions
BTO Center B
3rd Party product
3rd Party product
Integration Blueprints
published & governed
Management capabilities
as Web services
Reference architecture
& deployments descriptors
E.g. Registry, Security,
Transformation…
Reference implementat
ion
E.g. Registry, Security,
Transformation…
Integration methodology, catalogue and governance for product releases in support
of integrated solutions
Cross-portfolio reports, custom
reports & analytics
Analytic Packs
DATA INTEGRATION PROCESS INTEGRATION
3rd Party data
stores
HP Restricted & Subject to Change without Notice
© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Questions?
© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice
Thank You