Test Performance

Performance Testing News UK
RSS

A short description of NTLM

Posted by performance tester on November 25th, 2009 No Comments

NTLM is a security protocol used in Microsoft Networks. It is the main approach used by Microsoft to implement single sign-on. It is also used for HTTP authentication and also in Exchange, as well as CIFS/SMB, Telnet and SIP.

NTLM uses a challenge response authentication mechanism, in which users are able to establish their identity without the use of a password. This is generally handled by a certificate that the user already had in their poccession. It includes three exchanges, in general known as Type1 (negotiation), Type2 (challenge) and Type3 (authentication). The exchanges work on the following basis.
The client generates and sends a Type 1 communication to the server. This contains a feature supported by the client and requested of from the server.
The server responds with a Type 2 communication. This contains the features decided to be supported by the server. More notably however, it contains a challenge generated by the server.
The client responds to the challenge with a Type 3 communication. This contains a number of pieces of data about the client, including the domain and users name of the client user along with the secret key. This secret key that has been sent should match the secret key that is held by the server.

Finally Digital signatures can be managed. This means that the signed message has not been intercepted and means the sender is privy to the shared secret. This could be a Radius client interating along with Active Directory whereby the shared secret is manually set within each configuration by the administrator. The keys used in signing and sealing are established as a by-product of the NTLM authentication process. Signing functionality is performed by the addition of a Message Authentication Code (MAC) to any message. This is checked by the server who can now be certain that the message integrity is safe. The signature is generated using the secret key, known by both the sender and receiver. The MAC can only be checked by any party holding the key.

Sealing is carried out by a different function, which adds encryption to a message to put a stop to it from being viewed by another party in transit. There are several encryption protocols used throughout signing and sealing, plus more are appearing frequently. As well as providing message integrity, communication discretion is ensured by the use of sealing. Under SSPI (Security Support Provider Interface) sealing (and signing) is at all times performed in combination with the same key. This encryption allows that a message cannot be intercepted or tampered with whatsoever. (Unless of course you are employed for the FBI).

NTLM is a popular authentication protocol. While there are other authentication protocols that are used, the straightforwardness of use and it’s integration with Microsoft leaves it as nearly all administrators number 1 choice.

Posted in Network Testing, Non Functional Testing, Security Testing, Software Testing

The Return of Investment of PC and how it compares to a bus

Posted by performance tester on November 24th, 2009 No Comments

From HP:

Steve Feloney is the face of HP’s Performance Centre. I met Stephen a year ago as he was doing a world tour to endorse Performance Centre. Stephen is passionate about Performance Centre. He does his work well, and you can’t avoid agreeing with him about Performance Centre and its value.

Now Stephen has written an article about PC and how you can get a great Return of Investment (ROI) even though PC is itself very dear to buy.

It goes something like this……If you were to travel from London to Rome, a car would be a very nice idea. To get a car, it will price you a lot of cash to buy one, but it is much easier than doing the journey by foot. It would take two months to walk, and as a extremely well paid IT worker, the overall cost of the voyage in terms of lost income would without difficulty cover the price of a car.

To my mind, there are other forms of transport like public transport. It is a much less expensive option, however, the voyage is longer and a lot less comfortable. That is the same with PC, you don’t necessarily have to obtain the best possible option, you can look downmarket and that will pretty much facilitate you to achieve the same ends.

You can make up your own mind.

Posted in Automated Testing, Non Functional Testing, Performance Testing, Test Tools

How to resolve Performance concerns with your hosted Web-site

Posted by performance tester on November 23rd, 2009 No Comments

How to verify the performance of your hosted website.

The trouble with using a data centre is the service provider does not always respond to queries. I was in recent times asked by a client look at an issue concerning a hosted website.

The problem was a website which was running slow. I wanted to know what they had changed recently thinking that something they had done may have caused a problem. They told me that they hadn’t made any alterations of late, it had simply started to perform poorly suddenly. They did state that some time back they had made performance improvements on their website by by installing compression and by making any images on the site more efficient. They had checked the performance after these changes and the website was running well and had been for quite some time now. The reduced performance had started a couple of days earlier and they were certain the performance problem was due to the data centre where the website was hosted.

A study was started to see what was occurring. The opening thing I did was to execute a ping. This can be initiated from the command window (from the start windows prompt, type ‘cmd’ and enter. The command itself is simply “ping www.testingperformance.org” This generates 4 requests to the website each with a packet size of just 32 bytes. It’s pretty small, and the response should give you a good idea of latency. Of the 4 hits, twice out of 4 the replys timed and the remaining 2 took over half a second. That is not very quick. There are a variety of options with ping. “Ping -l 200 www.testingperformance.org” will ping the website with 200 bytes. While this is still very slow, it can be increased quite simply to 100Kb which is more realistic of a big web page.

As I was in Britain and the website was located in the North America, I wondered if the latency could be owing to the distance across the Atlantic. To answer that query, I ran a trace route. The format of the command is “tracert www.testingperformance.org” This should demonstrate the various hops that are made when accessing from a workstation or laptop to a server or website. What I could see was that the last 2 or 3 jumps (out of about 20 jumps) were extremely sluggish. It was possible that these hops were in the data centre itself.

I conveyed this information to the data centre and said, look, here is substantiation, are these hops with reduced reply times caused by your equipment? The data centre people in due course contacted me back and stated, they could not tell a lie, the answer was no, it was not them. Well I knew it wasn’t me, and I knew it was not my ISP, and the data centre said it wasn’t them, but I didn’t believe them.

Scouring the net, I located some tools I considered should help, one was named IWEB. I downloaded the tool and it checked the homepage on my website for an interval of time. The results showed response times varying between 2 seconds and 25 seconds. I sent this data back to the hosting centre and asked them to make a statement.

“Oh yeah,” they said, “oh there has been a issue with {one of the} sites on our hardware, it has been receiving lots of hits recently.” “hang on a second,” they said. Half an hour later, my clients site was delivering 1 – 2 second response times again. The assumption was we had been moved to a better performing server. Well, I guess we were ok, but there remains around 90 – 100 websites still hosted on the hardware with performance issues? It wasn’t that we complained, it was showing the evidence which managed to settle the issue for us, thanks to IWEB.

Posted in Firewall Testing, Network Testing, Non Functional Testing, Test Tools, Website Testing

Active Directory and CIFS

Posted by performance tester on November 22nd, 2009 No Comments

From none:

CIFS is an acronym which stands for Common Internet File System. It is based on Server Message Block protocol which has been around since the mid 80’s and enables a standard method for sharing files on networks. CIFS runs on TCP/IP and utilises the DNS. For resources on a network to be locatable, a means must exist whereby the resources can easily be found.A great example of this is a list of printers which a user can access. Microsofts Active Directory can be used, and responds to requests with a list of currently available devices and services that the user is able to access.

Active Directory provides advantages such as controlling and managing security necessities and single-sign-on authentication for users.

Posted in Firewall Testing, Network Testing, Non Functional Testing

Microsoft releases Spec Explorer 2010 application test tool

Posted by performance tester on November 20th, 2009 No Comments

From Yahoo:

Microsoft have been looking at the question of quality assurance and this week is presenting a tool uses techniques used in capacity planning and performance modelling.The Spec Explorer 2010 tool, funnily enough known as Spec Explorer, can be obtained from the Microsoft DevLabs website.

High quality testing of systems and applications is one of the prime challenges in the application development process. The Spec Explorer tool issued recently on DevLabs tackles that problem using model-based testing techniques.

Spec Explorer models the behaviour of application code and using the output to produce functional testing steps from those models. These models can be seen graphically to understand application behavior. These test suites can run standalone or in the Visual Studio or other unit test frameworks. A modelling background is not required before users can build models with Spec Explorer.

Models are written in C# and accompanied by configuration files in a scripting language called Cord.

Posted in Performance Modelling, Performance Testing, Testing News

Hackers Find Adobe Flash Player Flaw Found

Posted by performance tester on November 19th, 2009 No Comments

From crn:

The U.S Computer Emergency Readiness Team (US CERT) has suggested that users turn off Flash because of vulnerabilities in Flash Player and Adobe Reader, as hackers have started to launch attacks.
Adobe issued a security advisory warning users of a zero-day flaw, found in versions 9 and 10 of Adobe Flash Player, that is triggered by bugs in Adobe Reader and Adobe Acrobat 9.1.2.

This enables attackers to install a malicious Flash Player file
is embedded into PDF documents, which might be used to bring down a user’s system or allow them to steal data.

The assault is started when a user is enticed to visit a malicious web-site—typically through some social engineering scheme—or by sending an contaminated PDF file by way of email. The PDF when opened will cause the trojan (Pidief.G) to install automatically.
Adobe researchers say that they have already started to see what they call “limited targeted attacks” launched on Adobe Reader version 9 for Windows, which caused the company to rank the weakness as “critical.” However, security experts anticipate additional attacks will follow.
Symantec Security researcher Patrick Fitzgerald said in a blog post that this Flash Player assault was predominantly hazardous due to the ubiquitous nature of Flash. Usually vulnerabilities are restricted to a specific browser or operating system, in this case, Flash can affect many platforms, causing issues across a range of platforms.

“Flash is used in a good number browsers and is also available in PDF documents. It is largely operating-system-independent; therefore the threat posed by this issue is not to be taken lightly,” Fitzgerald said. “The big user base of Flash presents attackers with a huge target audience Meanwhile, researchers at the
“NoScript a Firefox extension that allows JavaScript to be executed only by trusted Web sites] is your best help here, of course,” said SANS researcher Gearld FitzPatrick, in a blog post.

FitzPatrick said that the vulnerability has now paved the way for a low number of “drive-by” attacks, in that attackers infuse a legitimate Web site with malicious code or lure users to a malicious Web site of their own creation. Attacks have been launched on Internet Explorer and Firefox Web browsers, FitzPatrick said.

Adobe said it has been in touch with security and antivirus vendors and
The U.S. CERT recommends that users avoid the security bug by disabling Flash in Adobe Reader 9 on Windows and either disabling Flash Player or selectively enabling Flash content.

Security experts propose that users don’t open PDF attachments from unfamiliar or untrusted sources, and keeping antivirus software up to date.

Posted in Security Testing

How to Utilise Load Testing 2.0 to Ensure Performance for Web 2.0 Applications

Posted by performance tester on November 18th, 2009 No Comments

From eWeek:

The key to ensuring Web 2.0 performance under any workload lies in swiftly gathering performance data over the full width of your Web 2.0 application delivery chain, from the viewpoint of your users. Load Testing 2.0 delivers this performance data, ensuring businesses to detect and fix the root causes of performance issues. A Knowledge Center contributor explains how Load Testing 2.0 can help businesses guarantee more pleasing Web 2.0 experience for their users. – Web 2.0 is normally described as an advancement, from the web as information source (that is, Web 1.0) to the Web as a more appealing, participatory medium. The Web page has grown consequently, from a static download with partial functionality to a starting point for a rich Web experience full of complexity.

Posted in Non Functional Testing, Performance Testing, Website Testing

Cloud-bursting – getting first-rate performance form the cloud

Posted by performance tester on November 17th, 2009 No Comments

From Computer World:

Cloud computing normally describes implementation of dynamically and often virtualised resources as a service across the Internet . Cloudbursting is one of the terms connected with cloud computing at the moment.
Using cloud computing models for any application and associated traffic could be costly, and using it for handling the spikes in a company’s usage patterns might also be laden with issues because of the time required to get the system set-up and seeded with the data. Ramping up in the cloud is difficult since it might take minutes to fire up more hosts but a company’s peak requirement may perhaps last less time than that.

Posted in Automated Testing, Network Testing, Non Functional Testing, Performance Modelling, Performance Testing, Website Testing

The DFS

Posted by performance tester on November 16th, 2009 No Comments

From Microsoft:

Shared files are usually distributed across networks, administrators face concerns as they struggle to keep users connected to shared data. The Distributed File System (Dfs) in the Microsoft Windows® 2000 operating system provides a method for administrators to generate logical data structures without needing to worry where the physical data resides Fault tolerance of network storage resources is also possible using Dfs.
The DFS might be used to construct a hierarchical view of file shares and servers on the network. You don’t need to think about using particular machine names for file sets, the user will only need to remember one name; which will be the ‘key’ to a list of shares found on servers in the network. Think of it as the home of every file share with links that point to one or more servers that actually host those shares. DFS has the capability of routing clients to the closest available file server by using site metrics. Installation might be on a cluster for improved performance and reliability. The organisations most likely to profit from the use of DFS are medium to large – for small companies it is simply not worth using as an ordinary file server would be completely fine.

Posted in Network Testing

Windows 7 shows a small performance improvement over Vista

Posted by performance tester on November 15th, 2009 No Comments

From Windows 7 Performance:

Vista isn’t well-known for its performance.

One of Microsofts goals with Windows 7 was to increase performance. Observers have stated that Windows 7 seems to be much quicker than Vista. PC World Test Center carried out an evaluation which compared the two operating systems. They found an improvement in speed, though overall the improvement wasn’t dramatic.

Windows 7 has significantly improved performance, but according to PC World, Windows 7 is only slightly faster.

Windows 7 was installed on five computers (two desktops, two laptop PCs, and a netbook), and WorldBench 6 benchmark suite was installed which consists of a number of tests that measure a machine’s performance in well-liked, real world applications. Timings were collected for Windows 7 & Vista for boot-up and shutdown, laptop battery life, and launch times for several everyday apps.

Windows 7 makes some performance strides over Vista, though this was not always sizeable, and for one test, Windows 7 was beaten into 2nd by Vista.

The performance increase of Windows & over Vista is slight, the important thing is though, that there is an improvement at all.

Posted in Performance Testing, Testing News
« Older Entries

Powered by WordPress | Log in | Entries (RSS) | Comments (RSS) | ilookgood! theme by iwritealot!