Introduction

In many industries today, adhering to regulations is not optional; it is mandatory. As information technology professionals, we are constantly challenged with tight timelines for building and enhancing information systems, not just to provide new functionality, but also to ensure our systems meet the guidelines and standards for each industry.

Compliance Affects Everyone, Not Just the Big Banks

Compliance impacts all industries, and is becoming more important every day. Highly regulated industries including financial services and health care must meet strict standards for compliance. For online retailers, privacy and security standards must also be met. The social networking industry is facing regulations specific to consumer protection and the use of customer information.

No industry is immune to meeting compliance requirements, and emerging regulations create more challenges to achieving performance objectives each year, both domestically and internationally. Any website that uses, stores, or processes personal or payment information must address these challenges, notably for security and the payment card industry (PCI), but also for accessibility,access controls, confidentiality, and audit purposes.

Staying abreast of techniques to meet performance goals and compliance regulations is an emerging trend within both performance engineering (PE) and DevOps. Conferences such as Velocity are addressing these topics both tactically and strategically. Tactical, cutting-edge techniques are taking into account the needs of high-tech and web-facing companies as well as large Fortune® 500 enterprises. Strategically, the emerging cultural paradigm of DevOps is becoming more prominent at larger companies, across complex architectures that include legacy systems.

Performance Is Mandatory for Competitiveness and Business Success

Today’s complex system architectures include rich user interfaces, the ability to execute complex business transactions quickly, and the need to provide critical information to users in a variety of formats, both desktop and mobile. How do you ensure you can meet business goals when the system is made up of a combination of web servers, application servers, and multiple middleware layers, including interfaces to web services, databases, and legacy systems? How do you achieve performance goals while meeting regulatory requirements such as multifactor authentication, encryption, and storing years’ worth of online transactional data? System designers and architects must understand and manage the performance impacts of mandated features to ensure that service levels can be maintained.

In an effort to accelerate the timelines in providing new systems and enhancing functionality, we’re moving from the classic software development methodologies of the past to methodologies based on continuous deployment. Adoption of agile and continuous integration and deployment models enables system functionality to be released more quickly, without sacrificing quality. Regulated industries are struggling to adopt these methodologies, as long-standing release management and testing processes are slow to adapt to accelerated delivery models.

The trend of ubiquitous access is putting more pressure on system performance. Access patterns and user behavior are changing. The mix of concurrent types of users and concurrent access is also forcing a change in how systems are designed to support these emerging trends. We must build systems to achieve performance for all users executing business-critical transactions, regardless of whether a particular user is coming from a desktop PC, a mobile device, or a kiosk. When designing and building the system, we must test to ensure good performance for all users, at the same time.

Case Studies in Performance and Compliance

Throughout this report, we’ll highlight various real-world examples. The examples span industries and identify some of the performance challenges created by adhering to regulatory requirements, and the strategies used to address those challenges. Some of these case studies followed the process outlined in this report proactively, while others required addressing the performance issues reactively. The examples have been anonymized to protect the innocent.

To Minimize Reputational Risk, Performance and Compliance Objectives Must Both Be Met

Solving these challenges is not trivial. Business users demand systems that perform well and meet regulatory compliance requirements. Often the consequence of complying with mandatory regulations is a reduction of system performance.

Key tenets of performance engineering—workload characterization (e.g., types of transactions, users, volumetrics), disciplined PE processes applied across the software development life cycle, and architectural considerations of performance (load time, throughput/bandwidth)—are required for success.

Through a combination of system optimization techniques at every tier and integration point and the cooperation and commitment of the business to support performance improvement as a critical success factor, performance goals can and will be achieved.

This report outlines a disciplined process that can be followed to achieve your performance goals, while meeting compliance objectives.

Performance Engineering

Performance engineering is not merely the process of ensuring that a delivered system meets reasonable performance objectives; rather, PE emphasizes the “total effectiveness” of the system, and is a discipline that spans the entire software development life cycle. By incorporating PE practices throughout an application’s life cycle, scalability, capacity, and the ability to integrate are determined early, when it is still relatively inexpensive to tailor a solution specific to business needs.

Key activities occur at different stages of the life cycle. Notably, these include:

Platform/environment validation: Determine if a particular technical architecture will support an organization’s business plan, by employing workload characterization and executing stress, load, and endurance tests.

Workload characterization: A successful performance test requires a workload that simulates actual online and batch transactions as closely as possible. Workshops at which key business and technical professionals agree on representative user profiles help characterize workloads. If batch processing is required, representative messages must be defined. Online profiles are defined by the transactions each one performs.

Capacity planning for performance: Understanding the point at which hardware resources are optimally utilized to support the system’s performance goals (e.g., response time, concurrency, and throughput) is critical. Balancing the number of resources while providing resiliency may require horizontal scaling to ensure continuity during failover.

Performance benchmarking: Execute sets of client-specific workloads on a system to measure its performance and its ability to scale. Also execute tests to determine an application’s performance limits.

Production performance monitoring: Proactively troubleshoot problems when they occur, and develop repairs or “workarounds” to minimize business disruption.

Get Compliance at Speed now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial