manage application delivery on your journey to the...
TRANSCRIPT
Technology Shift
1972
SAP R/1
1979
SAP R/2
1992
SAP R/3
2000
mySAP
2004
SAP ERP
2011SAP HANA
2015SAP S/4 HANA
74% of the world’s transaction revenue touches an SAP software syste
Source: SAP and customer data
3
SAP Transformation journey…
New Technologies | S4/Hana/Fiori
New Business Models | Hana Cloud Platform
New Delivery Challenges | DevOps/Hybrid/Cloud
6
The challenges facing SAP customers as they transform to participate in the digital economy
▪ SAPs latest applications provide a rich service backbone designed to accelerate the transformation to the digital economy▪ Open APIs facilitate the design of composite services, integrating both SAP and non SAP applications to
create end to end digital process and information flows
▪ As customers transform to exploit these applications, seemingly minor changes to service components can have severe unintended consequences on e2e service quality and information flow
▪ This transformation requires in-flight upgrades to business critical processes▪ Complex migrations across multiple solution domains
▪ Lack of qualified SAP experienced staff
▪ All this in highly regulated environments
8
SAP & Micro Focus ADM Partnership
“Market leader in
enterprise application software”
“Accelerating delivery, and
ensuring quality and security at every stage of the application
lifecycle”>1,500
Joint customers
12Years of partnership
SOLEXMicro Focus ADM is SAP’s exclusive
solution extension vendor
INTEGRATIONMicro Focus solutions for SAP Web and Mobile
are integrated into the SAP Cloud Platform
9
Micro Focus ADM adds value to SAP Environments
Challenges ADM Capabilities
Many deployments into highly regulated environments
ALM.net and ALM Octane offers governance and traceability of SAP environments
Proprietary attributes in SAP GUI, UI5, and Fiori
Complex dependencies, diverse ecosystem, proprietary protocols
DevOps: Slow-moving system of record vs. fast-moving system of engagement
SAP development activities shifting towards the SAP Cloud Platform (SCP)
Sole vendor supporting SAP protocols across functional, performance and mobile testing
Virtualization of SAP and non-SAP systems, with full support for the SAP protocols, eg. iDoc, RFC.
ALM.net with ALM Octane bridges the gap between slow and fast-moving environments
SCP integration for automated testing (SRF), and complete managed DevOps pipeline (soon)
10
REQUIREMENTS
TEST MANAGEMENT
SERVICE VIRTUALIZATION
MANUAL TESTING
SECURITY TESTING
TEST AUTOMATION
PERFORMANCE TEST
11
Micro Focus ADM | End-to-End SDLC for SAP
Strategy to Portfolio
Detect to Correct
Requirement to Deploy
Request to Fulfill
Project and Portfolio Management Requirements
Software Change & Configuration Mgmt
Application and End User Monitoring
Mainframe + COBOL
Functional Test
Lifecycle Virtualization
Performance Test
Security Test
Mobile App TestRelease Management
Deployment Automation
Micro Focus ADM| End-to-End Portfolio for SAP
Strategy to Portfolio
Detect to Correct
Requirement to Deploy
Project & Portfolio Mgmt
Atlas
Caliber
Project, Portfolio and Requirements
AccuRev
Dimensions CM
Star Team
PVCS
Software Change & Configuration Mgmt
Application and User Monitoring
AppPulse
Silk Performance Manager
Functional TestUFT
BPT
SprinterStormRunner Functional
Silk Test
Silk WebDriver
Performance TestLoadRunner
Performance Center
StormRunner LoadSilk Performer
Digital LabMobile Center
Service Virtualization
Network VirtualizationRelease Control Deployment Automation
Request to Fullfill
SECURITYIntegrate continuous security testing and feedback directly into the SDLC
PREDICTIVE ANALYTICSAdvanced analytics at every phase of the lifecycle
MAINFRAME + COBOLModernize mainframe applications to more flexible platforms and architectures
IT OPERATIONSEffectively manage Hybrid IT environments through automation and orchestration
Hybrid Cloud Automation
Data Center Automation
Service Management Automation
IT Operations
Security TestFortifyData Insights
Vertica
ChangeMan
Mainframe + COBOL
StarTool ESync
Enterprise Developer
Visual Cobol
Mainframe + COBOL
Dimensions RMRhythm
AREA
Lifecycle
Functional
Virtualization
SolMan, BPCA
SAPGUI, SAPUI, Fiori, WDA\J, NWBC, Portal, WebCUIF, ITS, IDOC, RFC, Odata and more
SAP GUI, SAP UI, SAP Fiori
IDOC, RFC
TECHNOLOGY
Supported SAP Technologies in Testing
13
Performance
14
ALM.net* directly integrated with SAP SOLMAN ® is SAP preferred solution to manage Application
Quality in complex SAP implementationsSAP QC* | MF Octane
15
MF UFT* family is the industry widest and more complete test automation tool
MF SRF solves all the testing lab problems and is directly connected with SAP Cloud Platform and FIORI
MF Sprinter enables manual test automation for SAP which allows higher level of compliance and efficiency
SAP UFT* | SAP BPT* | MF LeanFT | MF Silk Test
MF Sprinter
MF Storm Runner Functional
16
MF Performance testing family allows quick and scalable SAP stress test
MF Service Virtualization is the only solution certified by SAP
SAP Loadrunner* | MF Performance Center | MF SRL | MF Silk Performer
MF Service Virtualization*
MF AppPulse synthetic monitoring and mobile analytics for your SAP Fiori applications
MF AppPulse
SAP Cloud Platform with MicroFocus StormRunner Functional
SAP Cloud Platform WebIDE
Automate SAP tests that run in an elastic lab, all from within the SCP WebIDE
Configure SRF within SCP
Automate SAP tests from within SCP
Control an elastic lab for parallel SAP test execution
Security Testing - FortifyFastest and easiest way to assess software risk during the HANA journey
• Delivered on the cloud or on-premise, HP Fortify tests and scores the security of any application• Enables a systematic approach for eliminating the security risk in software • Automated application security testing throughout the software lifecycle• Together with SAP CVA, you will get an comprehensive view of your entire enterprise security landscape
Dynamic RuntimeStatic
Production
Fortify on Demand App Defender
On Premise App Defender
Application Development
TestCodeDesignIntegration & Staging
IT Operations
On Demand
WebInspectStatic Code Analyzer
Software Security Assurance (SSA & SDLC)
Design Code TestIntegration
- StagingOperate
Development
Security
Testing / Operations
WebInspect Enterprise (WIE)Continuous Web Monitoring (CM)
On-demand Web Scans
Web Inspect (WI)
Fortify Dynamic SuiteStatic Code Analyzer (SCA)
Fortify Static Suite
Audit Workbench (AWB)
IDE Plugin
Software Security Center (SSC)
Fortify On Demand (FOD)
Fortify Runtime(App Defender)
Visibility & Defense
Protection/Logging
Hybrid
Software Security Center (SSC)
DeveloperSource Code Repository
SSC Server
Scan/Sensor Pool
Security Lead
Check-in new codeScheduled Check-out, build and scan
Scan Results uploaded Auditor Reviews
Results
Developer writes fixes
Build Engineer
DevelopmentBuild Server
scan Controller (SCA)
(ex.,TFS,Git , SVN ,..etc.)
Bug Tracker(ex. Bugzilla,TFS,JIRA..etc)
Jenkins (Orchestrator)…
SCA – Integral part of the SDLC - HLD
21
Fortify – DevOps
▪ Real-time lightweight analysis of the source code
Vulnerable line of code is highlighted as developer codes & provides tips for additional information
Level of criticality
Type of vulnerability, explanation and detailed remediation guidanceAll issues
detected in the project
Fortify menu for additional options
22
SAST & DAST – Integration process
Application Testing Environment
SSC Server Auditor
Deploy new release for testing
Web InspectScan launched
Auditor Reviews Results
Auditor Submits Security Issues toBug
Remediationprocess
Detectedvulnerabilities
reported
Maintenance cycle
Security Administrator
SAST Process
OR DAST API kick-off Process
23
Fortify Application Security Solutions▪ On premise and on demand
Static Analysis – SCA
Source Code Mgt. System
Static Analysis Via Build Integration
Dynamic Analysis – WebInspect
Dynamic Testing in QA or Production
Application Protection –App Defender
Real-time Protection of Running Application
Vulnerability Management
Normalization(Scoring, Guidance)
Vulnerability Database
RemediationIDE Plug-ins (Eclipse, Visual Studio, etc.)
Developers (onshore or offshore)
Correlate Target Vulnerabilities with
Common Guidance and Scoring
Defects, Metrics and KPIs Used to Measure Risk
Application Lifecycle
Development, Project and Management
Stakeholders
Software Security CenterFortify on Demand
Hackers & Actual Attacks
Correlation(Static, Dynamic, Runtime)
Threat Intelligence Rules Management
Software Security Center
24
Software Security CenterReporting and Program Management
Vulnerability status by application
Global dashboard highlights risk across
software portfolio
25
Fortify Ecosystem
Fortify solutions
REST APIs with Swagger
REST APIs with Swagger
DevOps &third party
Requirements & issues- ALM Octane- JIRA- Bugzilla
Build servers- Jenkins- Bamboo- VSTS/TFS
Build tools- Gradle- ANT- Maven
Security
- Vuln Mgmt- SIEM- WAFs
IDEs- Eclipse- Visual Studio- IntelliJ- Xcode/AS
Open Source- Sonatype- Black Duck- Fortify Open Rev.
Configuration automation- Chef- Puppet- Octopus
Containers- Docker- ‘Dockerized
Security’
Cloud- Azure- AWS
DevOps &third party
Co
mm
un
ication
/Ch
atOp
s
Code repositories & apps- HPE LiveNet- GitHub- SVN
Secure Development
Security Testing
Continuous Monitoring and Protection
Requirements & issues- ALM Octane- JIRA- Bugzilla
Build servers- Jenkins- Bamboo- VSTS/TFS
Build tools- Gradle- ANT- Maven
Security
- Vuln Mgmt- SIEM- WAFs
IDEs- Eclipse- Visual Studio- IntelliJ- Xcode/AS
Open Source- Sonatype- Black Duck- Fortify Open Rev.
Configuration automation- Chef- Puppet- Octopus
Containers- Docker- ‘Dockerized
Security’
Cloud- Azure- AWS
Co
mm
un
ication
/Ch
atOp
s
Code repositories & apps- HPE LiveNet- GitHub- SVN
26
Analyst Endorsement
Lifecycle Virtualization(Voke)
Testautomation (Gartner)
Mobile Testing(Forrester)
App. Lifecycle Mgmt.(IDC)
Jan De Coster
Application Delivery ManagementInternational Solution Architect
+32 478 219 345