Skip to main content

Test plan

Write a test plan that systematically identifies use cases covering the required capability of the system. This test plan should cover all automated processing expectations, all end-user self-service cases, all help desk assisting user cases, and so on.

Test the plan on the current production system to ensure it is operating as expected.

Bravura Security Fabric has the potential to interact with nearly every other piece of computing equipment in the enterprise, and as such, the test plan ought to be comprehensive and well maintained.

After an upgrade or migration, systematically test the use cases on the newly upgraded system.

Develop test cases around all the various components of the system that you have implemented; for example:

  • End-user use of the self-service web interface, and help-desk-user use of the web interface to assist others to perform all possible operations, such as:

    • Identification of the profile during login

    • Authentication of the profile using each method

    • Resetting passwords for yourself and others

    • Unlocking accounts for yourself and others

    • Claiming unassociated accounts to your profile

    • Managing tokens, SmartCard, and/or hard disc encryption keys

    • Requesting access to a privileged account

    • Approving a request for access to a privileged account

    • Accessing a privileged account

    • Checking in access to a privileged account

    • Randomizing a password

    • Randomizing a local service

    • Assigning access and membership via user classes

    • Requesting a new account on a target system

    • Requesting attribute changes

  • Phone Password Manager functionality

  • Telephone interface for performing operations

  • Target system integrations

    There should be a test for each operation that is possible on each target system.

  • Ticket / issue tracking system integrations

    There should be a test for each operation that is possible on each ticketing or issue tracking system.

  • Technologies deployed on user workstations, such as:

    • Self Service, Anywhere (SSA) / Login Assistant (formally Credential Provider / GINA) interface for domain attached users

    • Other local kiosk solutions for remote and/or local users

    • Lotus Notes ID file delivery mechanism

    • Cached credential controls for external users

    • Login Manager client software

  • Technologies deployed on other servers

    • Transparent synchronization triggers

    • Target system agent listeners

    • Bravura Security proxy servers that run connectors for targets

    • Notification service clients that run in user domain logon scripts

    • Reverse proxy servers that allow the web interface to be reached from external networks

  • High availability technologies

    • Load balancers that direct traffic to multiple Bravura Security servers either based on load or simple round robin

  • Redundancy technologies

    • Bravura Security replication servers

    • Third party systems that make periodic backups of the files and registry on the servers

    • Third party systems that make backups of the databases that the Bravura Security servers use

  • Automation and scheduled events

    • Nightly scheduled update

    • Automatically scheduled tasks such as auto discovery and log rotation.

    • Automated report generation and delivery

    • Notification of soon-to-expire and other bulk email events

    • Notifications delivered via plugin points or "exit traps" which trigger when certain conditions are met or actions are performed.

Migrate the instance data (both configuration and user data) from production into test. As you do this, document all the steps. This information will be useful later when you are building the production change control plan.

After the migration, systematically test the cases on the newly migrated test environment. Where a test case has problems, make the necessary changes to the system. Document the changes that were made to make a case work in the new system.

A comprehensive test plan could potentially take a very long time to run. Breaking it down into multiple smaller test plans for different purposes may have benefits; for example, you could use a comprehensive test plan while building a complete working system in the lab, then use a subset of the full plan, that tests only critical use cases, during the implementation of the production change control plan to minimize service disruption.

In this section: