Category: Services

What It Means To Be CREST (Intl) Accredited

Anyone with a computer and an Internet connection can set themselves up as a penetration testing or cyber incident response service provider. These could include irresponsible organisations that do not have in place policies, processes and procedures to ensure quality of service and protection of client-based information. The individuals employed by these companies may have no demonstrable skill, knowledge or competence in the provision of security testing.

CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST requires a rigorous assessment of business processes, data security and security testing framework to demonstrate a level of assurance that the information security methodologies used can competently and securely provide customers with a robust assessment of their cyber security posture.

As a result, CREST only provides accreditation to highly trusted professional services organisations, and their employees who provide the often sensitive and high-risk penetration testing, cyber incident response, threat intelligence and security operations centre services.

All CREST accredited member companies are required to submit policies, processes and procedures relating to their service provision to provide added assurance for the buying community.  These policies, processes and procedures include:

  • References for certified individuals
  • Assignment preparation and scope processes
  • Assignment execution processes
  • Technical methodology
  • Reporting templates
  • Data storage and Information Sharing policies
  • Post technical delivery methodologies
  • Asset/Information/Document storage, retention and destruction processes

The buying community needs to be in a position where it can procure services from a trusted company with access to demonstrably professional technical security staff.  CREST provides the buying community with a clear indication of the quality of the organisation and the technical capability of staff they employ.

JDS is a proud CREST (Intl) accredited member company who can confidently provide our customers the added reassurance that our services meet the highest professional and security standards.

Five Reasons Why Your Organisation Should Be Penetration Testing

Modern businesses require an advanced approach to security and due diligence.  Having anti-virus software and a firewall is no longer an efficient strategy to prevent highly sophisticated security attacks which can result in irreversible damage to your organisation.

A professional penetration testing service is the best way to identify the strengths, weaknesses and holes in your defences.  Read on to uncover the five best reasons why your organisation needs penetration testing.

1. Protect Your Organisation From Cyber Attacks

Reports of cybercrime within Australia have increased nearly 15% each year since 2019, with the average reported financial loss per successful cybercrime incident being $50,673. Regardless of your organisational size or sector, cyber criminals view every business as a potentially exploitable prospect. The internet is continuously being scanned in search of vulnerable systems. Carrying out penetration tests will enable you to identify vulnerabilities that are most likely to be exploited, determine what the potential impact could be, and enable you to implement measures to mitigate or eliminate the threat.

2. Identify and Prioritise Vulnerabilities

Put simply, a pen test will uncover all of the potential threats and vulnerabilities that could damage your organisation’s IT assets.  The resulting report prioritises these vulnerabilities from low to critical, and further categorises them by likelihood and impact.  This gives your team a clear picture of your security posture, and the opportunity to mitigate the greatest threats first before moving on to less risky ones.

3. Stay Compliant With Security Standards and Regulations

Regular penetration testing can help you to comply with security standards and regulations such as ISO 27001 and PCI.  These standards require company managers and system owners to conduct regular penetration tests and security audits to demonstrate ongoing due diligence and maintenance of required security controls. Not only does pen testing identify potential vulnerabilities, ensuring that you are protecting your customers and assets, but it also helps to avoid costly fines and fees connected with non-compliance. 

4. Reduce Financial Losses and Downtime

Recent studies have reported that the average financial impact of a major data breach in Australia is around $3.7 million per incident. This takes into account expenditures on customer data protection programs, regulatory fines, and loss of revenue due to business operability. System downtime is incredibly costly – the longer your system is down, the more exorbitant the cost. A penetration test is a proactive solution to highlight and fix your system’s most critical vulnerabilities, and ensure your team are ready to act if your systems were to go down unexpectedly.

5. Protect Your Reputation and Company Loyalty

Consumers are extremely quick to lose trust in companies and brands, and all it takes is one security breach or data leak to tarnish your reputation.  Customers and partners of your organisation want to know that their private data is safe in your hands, so it is in your best interest to be aware of any vulnerabilities which may put the company’s reputation and reliability in jeopardy.  

This is just a handful of reasons why organisations should carry out regular penetration tests, but there are many more.  Connect with JDS to discuss your pen testing needs and get a full scope of work customised to your requirements.

JDS Security

We take a methodical, risk-based approach to security testing, monitoring, and management so you can rest assured that your data and business assets are secure. JDS uses proactive, detailed and industry best-practice threat intelligence to increase your organisation’s resilience against cyber threats.


Web Application Penetration Testing

Web application penetration testing at JDS is based on the industry-recognised Open Web Application Security Project (OWASP) Application Security Verification Standard. We take a methodical, risk-based approach to testing your applications, evaluating the security posture of your platform, enabling you to identify, eliminate and further prevent security risks within your critical business applications.



API Penetration Testing

According to Gartner, in 2022, exploiting APIs will be the most common attack vector for data breaches within enterprise web applications. Our skilled JDS Security team will assess how your APIs could be abused, how authorisation and authentication could be bypassed, and perform a number of tests in an attempt to reveal any existing security vulnerabilities.



Security Monitoring

As a Splunk Elite Partner, JDS leverages our expertise to implement SIEM software Splunk Enterprise Security (Splunk ES) to monitor your organisation’s activities and meet your security audit and compliance requirements.

Network Penetration Testing

JDS can perform an in-depth security assessment of your corporate network perimeter (both internal & external) using automated tools and manual techniques. Our security professionals will emulate the methods that a malicious actor might use to attack your network, exploiting weaknesses in operating systems or networks, to gain access to your organisation’s secure data and “crown jewels”.




Cloud Security Compliance Audits

As more organisations migrate their sensitive information and services to cloud environments, it is critical to consider the impact on privacy, security and compliance efforts. The JDS Cloud Security Compliance Audit will provide essential insight into your cloud security for full regulatory compliance.



Vulnerability Management

JDS can assist with organising tedious and complex vulnerability findings to provide effective prioritisation and remediations for complete visibility of your network and infrastructure.


CREST (Intl) ACCREDITATION

CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security market.
After being independently assessed to demonstrate proficiency and compliance in the knowledge and delivery of Penetration Testing, JDS Australia has been recognised with CREST (International) accreditation.
Becoming a CREST accredited member company validates the level of confidence that customers will experience when working with JDS, a highly skilled and trustworthy Australian organisation.

Accelerate upgrades with ServiceNow Automated Test Framework

Upgrade more often

In 2019, ServiceNow will move to “N-1” upgrades, meaning you can’t be more than one release behind before ServiceNow will force the upgrade to your platform, ready or not.

It’s nothing to be afraid of. The evolution of enterprise to the cloud means we can break free from the shackles of the old on-premise software model. ServiceNow takes care of all the back-end technical changes, which eliminates a lot of the burden that has made upgrades slow and expensive.

Your challenge now is to make sure that nothing in the upgrade process disrupts your business. Test automation with ServiceNow ATF can help – see our technical post here for more on that.

Accelerate test automation with JDS Kick Start

We can help you get started with ServiceNow ATF. In just a few days, the JDS ServiceNow ATF Kick Start engagement will provide you with the detail you need to scope and plan automation of testing across your platform.

JDS brings over a decade of experience in test automation, and our experienced ServiceNow team can help with a rapid assessment of your platform.

JDS ServiceNow ATF Kick Start includes:

  • Identification of the top use cases that are candidates for automation
  • Joint review and refinement of use cases
  • Report and recommendations for automation

Call us

To find out more and to book a Kick Start – email [email protected] or call 1300 780 432 to reach our team.


What if your application was one second faster?

Why one second faster?

Improving your website performance will increase your business. But don’t take our word for it—there is plenty of evidence.

According to Kissmetrics:

  • 25% of consumers will abandon a website that takes more than four seconds to load
  • 47% of consumers expect a webpage to load in two seconds or less
  • 79% of shoppers who are dissatisfied with website performance are less likely to buy from the same site again
  • A one-second delay in page response can result in a 7% reduction in conversions
  • A one-second delay (or three seconds of waiting) decreases customer satisfaction by about 16%

So, what would performing one second faster mean for your web application or website? JDS is now offering a limited time promotion that will allow you to realise the maximum performance of your website or application. Over the course of five days, our experts will work with your team to analyse your web application and accelerate its performance for your customers.

 

What’s included?

  • Your own dedicated performance expert for five days (either on-site or off-site)
  • A technical deep dive of your web application, turning over every rock to understand how it can work faster and harder for your business
  • Best practice tips and techniques straight from the guys in the know
  • Experts fluent in everything from Java and .NET through to SAP and Oracle
  • A presentation and roadmap of the findings and recommendations

Why JDS?

We are Australia’s leading performance test consultancy with 15 years of experience partnering with organisations of every size, from startups to large enterprises and governments. We have a reputation for being a key player in making Australian web applications exceptional. Want to get started? Reach out to a JDS team member, send an email to [email protected], or call 1300 780 432 to confidentially discuss your web application and how we can help.


How to effectively manage your CMDB in ServiceNow

Configuration management is a popular topic with our customers, and JDS has been involved in a number of such projects over the years. Specifically, we deal regularly with configuration management databases, or CMDB. The CMDB is a foundational pillar in ITIL-based practices; properly implemented and maintained, it is the glue that holds together all IT operations.

A good CMDB keeps a system of logical records for all IT devices/components, known as Configuration Items (CIs). When all of your organisation’s assets and devices are logically presented, this gives you and your executives greater visibility and insight into your IT environment. As an example, all of the Windows servers are tracked in the CMDB, and all of their version details are also tracked. This greatly aids any incident resolution or analysis tasks.


ServiceNow CMDB

The ServiceNow platform offers a fully integrated CMDB and JDS consultants are experts at implementing and populating the ServiceNow CMDB. The process of discovery can be an onerous and time-consuming task, as you search your entire organisation for each CI and enter it into your CMDB.

ServiceNow incident record referencing a CI

Our team of ServiceNow engineers not only help with the manual processes at the outset, but we also introduce automation to ensure that all new CIs are discovered and entered as soon as they are brought into the environment.

ServiceNow CMDB Health Dashboards

The ServiceNow CMDB, like any other CMDB, faces one particular challenge: as it grows in size and complexity, it becomes increasingly difficult for administrators to keep track of the data and to keep it accurate and relevant.

The complexity and dynamic nature of today’s IT environments means organisations move and upgrade continuously (e.g. server names and IP addresses are commonly repurposed when new projects enter the picture).

A common myth is that the CMDB is hands-free. It’s common for administrators to turn on the CMDB and populate it initially without giving enough thought to strategies for keeping the data up to date. In reality, it takes constant vigilance or its value to the organisation will quickly diminish. CMDBs require careful maintenance to stay relevant, and JDS can assist with this process.

One of the most important things an IT administrator can do is plan and have a clear scope and purpose when enabling a CMDB. The CMDB supports other critical platform features (e.g. incident, problem and change management, etc). JDS can further narrow down the types of CIs that should be retained (e.g. exclude non-managed assets such as desktop, laptops, and non-production servers). Excluding non-managed assets avoids paying unnecessary licensing costs while also keeping your CMDB focused and concise.

CMDB receiving data from many integration points

It’s common for an organisation to use different vendor tools and often their capabilities overlap each other. In the image above, the customer is receiving CI information from integrations with different vendor products, with each tool reporting conflicting information. JDS specialises in integration across multiple data sources and ensuring the most relevant data is ingested into your CMDB.

A CMDB is fundamentally an operational tool. It needs to be concise and ultimately informational to be useful.

While it is tempting to keep all data in your CMDB, often having too much data introduces confusion and fatigue for users. The strength of ServiceNow is its ability to link to related records, allowing you to have a rich CMDB without it being cluttered.

The benefits of Service Mapping

Service Mapping is a key feature of ServiceNow ITOM, and it’s a different approach to the traditional CMDB population methods. Rather than populating all known assets, Service Mapping adopts a service-oriented approach where only relevant devices and components for a technology or business service are tracked and viewed.

This “lean” approach focuses on the CIs that matter while avoiding many pitfalls of the traditional CMDB.

Service Mapping can be further utilised to drive the event impact dashboard (available as part of ServiceNow ITOM offerings).

Service Mapping in ServiceNow

Having fewer CIs also means that administrators avoid spending time keeping track of things that are of minimal relevance or importance.

In summary, the ServiceNow CMDB offers some great benefits for practitioners, but it’s important to have a clear understanding of the scope your organisation needs to avoid the pitfalls of a bloated CMDB. JDS recommends using ServiceNow ITOM to manage and make your CMDB more efficient. We have the breadth of skills and expertise to configure your CMDB for the needs of your organisation, as well as to work with you on the Service Mapping of your business. Contact one of our representatives today to find out more or set up an in-person discussion.

Conclusion

To find out more about how JDS can help you with your ServiceNow needs, contact our team today on 1300 780 432, or email [email protected].


Top 7 benefits of JDS Active Robot Monitoring

JDS has spent a lot of time this month showing how our bespoke synthetic monitoring solution, Active Robot Monitoring with Splunk, is benefitting a wide variety of businesses. ARM has been used to resolve website issues for a major superannuation company and is improving application performance for a large Australian bank. We’re also currently implementing an ARM solution for one of the biggest universities in Australia and a major medical company. Find out more about the benefits of JDS Active Robot Monitoring below.


Summary of ARM

ARM is a capability developed by JDS that enables synthetic performance monitoring for websites, mobile, cloud-based, on-premise, and SaaS apps. It provides IT staff and managers a global view of what’s happening in your environment, as it’s happening. You can then use the customisable results dashboard to easily consume performance data, and drill down to isolate issues by location or transaction layer.

Top 7 benefits of ARM

1. Get an overall picture of an application’s end-to-end performance

How long does it take for your page to load, or for a user to log in? Can they log in? You may be getting green lights from all of the back-end components individually, but not realise the login process is taking three times longer than normal. ARM gives you the full picture, helping you spot performance issues you may not notice in the back-end.

2. Small increase in data ingested

If you’re already using Splunk, the amount of data you ingest with ARM is minimal, meaning you are getting even more out of your enterprise investment at an extremely low cost.

3. Fast time to value

Many IT projects can take years to show a return on investment, but ARM is not one of them. Once implemented, IT and development teams see value fast as their ability to hone in on and resolve issues accelerates and the number of user issues decreases.

4. Performance and availability metrics based on users’ location

See how your website, system, or application performs in different locations to find out where issues may be occurring and how to fix them.

5. Proactively find and alert on issues before users do

Users discovering glitches or errors is damaging to a business’s reputation. The ARM robots are constantly on the look-out for problems in the system and will alert you when issues arise so you can resolve them before they negatively impact your customers.

6. Monitor performance 24/7, even while users are asleep

Humans sleep; robots don’t. ARM monitors your application 24/7 to ensure even your late-night customers have a stellar user experience.

7. Get unlimited transactions

Unlike other synthetic monitoring tools, which charge on a per-transaction basis (i.e. every user transaction you want to run invites a new charge), ARM allows you unlimited transactions, so you can measure whatever actions you think your users may take.

What can ARM do for you?

How can you convince your key stakeholders to invest in synthetic monitoring? We wrote a few weeks ago about why businesses should do both real-user and synthetic monitoring, but depending on your industry, you may need a more tailored approach.

That’s why, for the month of November, JDS has opened registrations across our locations in Australia to host an on-site workshop at your location, free of charge. If you’re interested in learning more about how ARM can benefit your business, sign up for an on-site workshop using the form below.


Case Study: Netwealth bolster their security with Splunk

The prompt and decision

"As a financial services organisation, information security and system availability are core to the success of our business. With the business growing, we needed a solution that was scalable and which allowed our team to focus on high-value management tasks rather than on data collection and review."

Information security is vital to modern organisations, and particularly for those that deal in sensitive data, such as Netwealth. It is essential to actively assess software applications for security weaknesses to prevent exploitation and access by third parties, who could otherwise extract confidential and proprietary information. Security monitoring looks for abnormal behaviours and trends that could indicate a security breach.

"The continued growth of the business and the increased sophistication of threats prompted us to look for a better way to bring together our security and IT operations information and events," explains Chris Foong, Technology Infrastructure Manager at Netwealth. "Advancements in the technology available in this space over the last few years meant that a number of attractive options were available."

The first stage in Netwealth’s project was to select the right tool for the job, with several options short-listed. Each of these options was pilot tested, to establish which was the best fit to the requirements—and Splunk, with its high versatility and ease of use, was the selected solution.

The power in the solution comes from Splunk’s ability to combine multiple real-time data flows with machine learning and analysis which prioritises threats and actions, and the use of dynamic visual correlations and on-demand custom queries to more easily triage threats. Together, this empowers IT to make informed decisions.

Objective

Netwealth’s business objective was to implement a security information and event management (‘SIEM’) compliant tool to enhance management of security vulnerabilities and reporting. Their existing tool no longer met the expanding needs of the business, and so they looked to Splunk and JDS to provide a solution.

Approach

Netwealth conducted a proof of concept with various tools, and Splunk was selected. JDS Australia, as Splunk Implementation Partner, provided licensing and expertise.

IT improvements

Implementing Splunk monitoring gave Netwealth enhanced visibility over their security environment, and the movement of sensitive data through the business. This enabled them to triage security events and vulnerabilities in real time.

About Netwealth

Founded in 1999, Netwealth was established to provide astute investors and wealth professionals with a better way to invest, protect and manage their current and future wealth. As a business, Netwealth seeks to enable, educate and inspire Australians to see wealth differently and to discover a brighter future.

Netwealth offers a range of innovative portfolio administration, superannuation, retirement, investment, and managed account solutions to investors and non-institutional intermediaries including financial advisers, private clients, and high net worth firms.

Industry

Financial Services

Primary applications

  • Office365
  • Fortigate
  • IIS
  • Juniper SRX
  • Microsoft DNS
  • Microsoft AD and ADFS (Active Directory Federation Services)
  • JBoss (Java EE Application Server)
  • Fortinet

Primary software

  • Splunk Enterprise
  • Splunk Enterprise Security (application add-on)

The process

Now that Splunk had been identified as the best tool for the job, it was time to find an Implementation Partner—and that’s where JDS came in. JDS, as the most-certified Australian Splunk partner, was the natural choice. "JDS provided Splunk licensing, expertise on integrating data sources, and knowledge transfer to our internal team," says Foong.  

An agile, project-managed approach was taken.

  1. Understand the business requirements and potential threats associated with Netwealth’s environment.
  2. Identify the various services that required security monitoring.
  3. Identify the data feed for those services.
  4. Deploy and configure core Splunk.
  5. Deploy the Enterprise Security application onto Splunk.
  6. Configure the Enterprise Security application to enable features. These features gave visibility into areas of particular concern.

JDS provided Splunk licensing, expertise on integrating data sources, and knowledge transfer to our internal team.

Chris Foong, Technology Infrastructure Manager

The JDS team worked well with our team, were knowledgeable about the product, and happy to share that knowledge with our team.

JDS are professional. They delivered what they said they would, and didn’t under- or over-sell themselves. They’ve provided ongoing support and advice beyond the end of the project. We would work with them again.

The JDS difference

For this project, JDS "assisted Netwealth in deploying and configuring Splunk, and gaining confidence in Splunk Enterprise Security," explains the JDS Consultant on the case. "We were engaged as a trusted partner with Splunk, and within hours of deployment, we had helped Netwealth to gain greater visibility of the environment."

JDS were able to leverage their Splunk expertise to give added value to the client, advising them on how to gain maximum value in terms of both project staging, and in the onboarding of new applications. "We advocated a services approach—start by designing the dashboard you want, and work backwards towards the data required to build that dashboard."

"The JDS team worked well with our team, were knowledgeable about the product, and happy to share that knowledge with our team," says Netwealth’s Chris Foong. "They delivered what they said they would, and didn’t under- or over-sell themselves. We would work with them again."

End results

Chris Foong says that Netwealth was looking for "improved visibility over security and IT operations information and events, to aid in faster response and recovery"—and the project was a success on all counts.

"The project was delivered on time and to budget, and Splunk is now capturing data from all the required sources," adds Foong. "We also identified a number of additional use cases, over and above the base Enterprise Security case, such as rapidly troubleshooting performance degradation."

Now that Netwealth has implemented Splunk, the software has further applicability across the business. The next step is continuing to leverage Splunk, and JDS will be there to help.

Business Benefits

  • Gave Netwealth better visibility into the organisation’s security posture
  • Presents the opportunity to leverage Splunk in other areas of the business; for example, marketing
  • Allows Netwealth to have greater visibility into application and business statistics, with the potential to overlay machine learning and advanced statistical analysis of this business information

The project was certainly a success, and Splunk is working well in our environment.

Your organisation deserves a good dashboard (and here’s why)

Cars cost a lot of money, and when a driver gets behind the wheel, they want to know that every component is working correctly. It can mean the difference between life and death—not to mention getting to your destination on time! For this reason, vehicle dashboards are painstakingly designed to be simple yet functional, so that virtually anyone can understand them at a glance.

In a similar vein, how much investment was involved in building up your organisation and its IT infrastructure—and let's not forget ongoing maintenance! The cost of system failure can mean life or death for your business, missing destinations and deadlines. In some sectors, such as health or search and rescue, it can even lead to injury or loss of life. With the consequences of lost visibility in mind, take a look at your organisation's dashboards (if they exist!). Ask yourself—are they as easy to understand as the dashboard of a car?

Most organisations would reply 'no' to that question. All too often, dashboards exist because the organisation's monitoring solution provided one out-of-the-box. That's fine if your intended audience is technically inclined and understands what it means when there is a 'memory bottleneck' or the 'committed memory in use is too high'. These alerts, however, might mean nothing to upper management or the executive team, who are directly responsible for approving your team's budget. Action needs to be taken to translate the information, so that it is accessible to all your key decision-makers. So what are the first steps?

Here are three initial items to consider:

  1. Context is everything! Without context, your executive team may not understand the impact of an under-resourced ESX server that's beginning to fail. If, however, your dashboard were to show that the ESX server happens to host the core income stream systems for the organisation, you may have their attention (and funding).
  2. Visualise the data! Approximately 60% of the world population are visual thinkers, so your dashboard should be visually designed.  Find a way to visualise your data. Show the relationships and dependencies between systems. Oh, and "death to pie charts!".
  3. Invest the time and effort! Find your creative spark, and brainstorm as a team. A well-designed dashboard will pay on-going dividends with every incident managed, or business case written. Make sure you allot time to prove your work against SLAs.

If you need help with dashboard development or design, give JDS a call on 1300 780 432 and speak with one of our friendly consultants.


The Splunk Gardener

The Splunk wizards at JDS are a talented bunch, dedicated to finding solutions—including in unexpected places. So when Sydney-based consultant Michael Clayfield suffered the tragedy of some dead plants in his garden, he did what our team do best: ensure it works (or ‘lives’, in this case). Using Splunk’s flexible yet powerful capabilities, he implemented monitoring, automation, and custom reporting on his herb garden, to ensure that tragedy didn’t strike twice.

My herb garden consists of three roughly 30cm x 40cm pots, each containing a single plant—rosemary, basil, and chilli. The garden is located outside our upstairs window and receives mostly full sunlight. While that’s good for the plants, it makes it harder to keep them properly watered, particularly during the summer months. After losing my basil and chilli bush over Christmas break, I decided to automate the watering of my three pots, to minimise the chance of losing any more plants. So I went away and designed an auto-watering setup, using soil moisture sensors, relays, pumps, and an Arduino—an open-source electronic platform—to tie it all together.

Testing the setup by transferring water from one bottle to another.

I placed soil moisture sensors in the basil and the chilli pots—given how hardy the rosemary was, I figured I could just hook it up to be watered whenever the basil in the pot next to it was watered. I connected the pumps to the relays, and rigged up some hosing to connect the pumps with their water source (a 10L container) and the pots. When the moisture level of a pot got below a certain level, the Arduino would turn the equivalent pump on and water it for a few seconds. This setup worked well—the plants were still alive—except that I had no visibility over what was going on. All I could see was that the water level in the tank was decreasing. It was essential that the tank always had water in it, otherwise I'd ruin my pumps by pumping air.

To address this problem, I added a float switch to the tank, as I was aiming to set it up so I could stop pumping air if I forgot to fill up the tank. Using a WiFi adapter, I connected the Arduino to my home WiFi. Now that the Arduino was connected to the internet, I figured I should send the data into Splunk. That way I'd be able to set up an alert notifying me when the tank’s water level was low. I'd also be able to track each plant’s moisture levels.

The setup deployed: the water tank is on the left; the yellow cables coming from the tank are for the float switch; and the plastic container houses the pumps and the Arduino, with the red/blue/black wires going to the sensors planted in the soil of the middle (basil) and right (chilli) pots. Power is supplied via the two black cables, which venture back inside the house to a phone charger.

Using the Arduino’s WiFi library, it’s easy to send data to a TCP port. This means that all I needed to do to start collecting data in Splunk was to set up a TCP data input. Pretty quickly I had sensor data from both my chilli and basil plants, along with the tank’s water status. Given how simple it was, I decided to add a few other sensors to the Arduino: temperature, humidity, and light level. With all this information nicely ingested into Splunk, I went about creating a dashboard to display the health of my now over-engineered garden.

The overview dashboard for my garden. The top left and centre show current temperature and humidity, including trend, while the top right shows the current light reading. The bottom left and centre show current moisture reading and the last time each plant was watered. The final panel in the bottom right gives the status of the tank's water level.

With this data coming in, I was able to easily understand what was going on with my plants:

  1. I can easily see the effect watering has on my plants, via the moisture levels (lower numbers = more moisture). I generally aim to maintain the moisture level between 300 and 410. Over 410 and the soil starts getting quite dry, while putting the moisture probe in a glass of water reads 220—so it’s probably best to keep it well above that.
  2. My basil was much thirstier than my chilli bush, requiring about 50–75% more water.
  3. It can get quite hot in the sun on our windowsill. One fortnight in February recorded nine 37+ degree days, with the temperature hitting 47 degrees twice during that period.
  4. During the height of summer, the tank typically holds 7–10 days’ worth of water.

Having this data in Splunk also alerts me to when the system isn't working properly. On one occasion in February, I noticed that my dashboard was consistently displaying that the basil pot had been watered within the last 15 minutes. After a few minutes looking at the data, I was able to figure out what was going on.

Using the above graph from my garden’s Splunk dashboard, I could see that my setup had correctly identified that the basil pot needed to be watered and had watered it—but I wasn't seeing the expected change in the basil’s moisture level. So the next time the system checked the moisture level, it saw that the plant needed to be watered, watered it again, and the cycle continued. When I physically checked the system, I could see that the Arduino was correctly setting the relay and turning the pump on, but no water was flowing. After further investigation, I discovered that the pump had died. Once I had replaced the faulty pump, everything returned to normal.

Since my initial design, I have upgraded the system a few times. It now joins a number of other Arduinos I have around the house, sending data via cheap radio transmitters to a central Arduino that then forwards the data on to Splunk. Aside from the pump dying, the garden system has been functioning well for the past six months, providing me with data that I will use to continue making the system a bit smarter about how and when it waters my plants.

I've also 3D printed a nice case in UV-resistant plastic, so my gardening system no longer has to live in an old lunchbox.
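The failure described in this post, a pot watered on every cycle while its moisture reading never improves, can also be caught automatically. The following is an added example, not the author's code: the key=value event layout, the 20-point minimum drop and the two-cycle alert limit are assumptions, while the 410 dry threshold comes from the post.

```python
import re
from collections import defaultdict

# Constructed sample events; the key=value layout is an assumption, not the
# format the author's Arduino actually sends to Splunk.
SAMPLE_EVENTS = """\
ts=1000 pot=chilli moisture=415 watered=1
ts=1000 pot=basil moisture=420 watered=1
ts=1900 pot=chilli moisture=330 watered=0
ts=1900 pot=basil moisture=421 watered=1
ts=2800 pot=chilli moisture=335 watered=0
ts=2800 pot=basil moisture=423 watered=1
ts=3700 pot=basil moisture=424 watered=1
ts=3700 pot=chilli moisture=bad watered=0
"""

DRY_THRESHOLD = 410    # from the post: above 410 the soil is getting quite dry
MIN_DROP = 20          # assumed: a working pump lowers the reading by at least this
MAX_FAILED_CYCLES = 2  # assumed: alert after this many waterings with no effect

LINE_RE = re.compile(r"ts=(\d+) pot=(\w+) moisture=(\d+) watered=([01])$")


def parse(text):
    """Yield (ts, pot, moisture, watered) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m[1]), m[2], int(m[3]), m[4] == "1"


def find_stuck_watering(events):
    """Return {pot: ts of first alert} for pots watered repeatedly with no effect."""
    last = {}                  # pot -> (moisture, watered) at the previous reading
    failed = defaultdict(int)  # pot -> consecutive ineffective waterings
    alerts = {}
    for ts, pot, moisture, watered in sorted(events):
        if pot in last and last[pot][1]:
            prev_moisture = last[pot][0]
            # Lower numbers mean more moisture, so a working pump makes the value fall.
            effective = (prev_moisture - moisture >= MIN_DROP
                         or moisture <= DRY_THRESHOLD)
            failed[pot] = 0 if effective else failed[pot] + 1
            if failed[pot] >= MAX_FAILED_CYCLES and pot not in alerts:
                alerts[pot] = ts
        last[pot] = (moisture, watered)
    return alerts


if __name__ == "__main__":
    for pot, ts in find_stuck_watering(parse(SAMPLE_EVENTS)).items():
        print(f"ALERT pot={pot} ts={ts}: watered repeatedly, reading still dry")
```
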

Our team on the case

Citrix and web client engagement on an Enterprise system

JDS was engaged by a leading superannuation firm to conduct performance testing of their enterprise applications migrating to a new platform. This was part of a merger with a larger superannuation firm. The larger superannuation firm was unaware of their application performance needs and until recent times, performance was not always a high priority during the test lifecycle.

JDS was brought in to provide:

  • Guidance on performance testing best practice
  • Assistance with performance testing applications before the migration of each individual super fund across to the new platform
  • Understanding the impact on performance for each fund prior to migration

During the engagement, there were multiple challenges which the consultants faced. Listed below are a few key challenges encountered, providing general tips for performance testing Citrix.

Synchronisation

You should have synchronisation points prior to ANY user interaction i.e. mouse click or key stroke. This will ensure the correct timing of your scripts during replay. You don’t want to be clicking on windows or buttons that don’t exist or haven’t completely loaded yet. For example:

ctrx_sync_on_window("Warning Message", ACTIVATE, 359, 346, 312, 123, "", CTRX_LAST);
ctrx_key("ENTER_KEY", 0, "", CTRX_LAST);

Screen resolution and depth

Set your desktop colour settings to 16bit. A higher colour setting adds unneeded complexity to bitmap syncs, making them less robust. Ensure that the display settings are identical for the controller and all load generators. Use the "Windows Classic" theme and disable all the "Effects" (Fading, ClearType, etc.)

Recording

Your transactions should follow the pattern of:

  • Start transaction
  • Do something
  • Synchronise
  • Check that it worked
  • End transaction

If you synchronise outside of your transaction timers, the response times you measure will not include the time it took for the application to complete the action.

Runtime settings

JDS recommends the following runtime settings for Citrix:

Logging

  • Enable Logging = Checked
  • Only send messages when an error occurs = Selected
  • Extended logging -> Parameter substitution = Checked
  • Extended logging -> Data returned by server = Checked


Think time

Think time should not be needed if synchronisation has been added correctly.

  • Ignore think time = Selected


Miscellaneous

  • Error Handling -> Fail open transactions on lr_error_message = Checked
  • Error Handling -> Generate snapshot on error = Checked
  • Multithreading -> Run Vuser as a process = Selected


ICA files

At times you may need to build your own ICA files. Create the connection in the Citrix program neighbourhood. Then get the wfclient.ini file out of C:\Documents and Settings\username\Application Data\ICAClient and rename it to an .ica file. Then add it to the script with files -> add files to script. Use the ICA file option for BPMs/load generators over the "native" VuGen Citrix login details for playback whenever possible as this gives you control over both the resolution and colour depth.

Citrix server setup

Make sure the MetaFrame server (1.8, XP, 3, or 4) is installed. Check the manual to ensure the version you are installing is supported. Citrix sessions should always begin with a new connection, rather than picking up from wherever a previously disconnected session left off, which will most likely not be where the script expects it to be.

Black screen of death

Black snapshots may appear during record or replay when using Citrix Presentation Server 4.0 and 4.5 (before Rollup Pack 3). As a potential workaround, on the Citrix server select Start Menu > Settings > Control Panel > Administrative Tools > Terminal Services Configuration > Server Settings > Licensing and change the setting Per User or Per Device to the alternative setting (i.e. if it is set to Per User, change it to Per Device, and vice versa).

Lossy Compression

A script might play back successfully in VuGen on the Load Generator; however, when running it in a scenario on the same load generator, it could fail on every single image check. This is probably a result of lossy compression—make sure to disable it on the Citrix server.

Script layout

Put clean-up code in vuser_end to close the connection if the actions fail. Don't put login code in vuser_init. If the login fails in vuser_init, you can't clean up anything in vuser_end because it won’t run after a failed vuser_init.

JDS found performance issues with the applications during performance tests; however, these issues leaned towards functional performance issues more than volume. They were still investigated to provide an understanding of why the applications were experiencing performance problems.

The performance team then worked with action teams to assist with any possible performance resolutions, for example:

  • Database indexing
  • Improvements to method calls
  • Improving database queries

Tech tips from JDS

ServiceNow performance testing tips

Although ServiceNow comes prepackaged with a wide array of prebuilt applications, it’s possible to extend these and develop entirely new applications, and this is where performance problems may arise.

Out-of-the-box, ServiceNow is a fast, robust, secure SaaS platform. ServiceNow is designed to be extended and modified, but customers need to understand those points where performance issues may arise.

Slow loading forms can be a source of user frustration and hinder user uptake. Forms are an area where performance problems can be encountered because customers need to implement additional layers on top of the standard system to incorporate their own business logic. These layers can also build up incrementally over time which can result in reduced performance from one year to the next.

It’s important to understand what business rules and scripts are executing, and in what order, when a record is loaded in a form. This will allow us to better understand where performance issues may arise.

ServiceNow Forms

 

As you can see from the diagram above, there are business rules which execute on the server and scripts which execute on either the client or the server. Both can be a source of performance issues if not managed carefully.

 

Where possible, synchronous scripts should be avoided as the user will be forced to wait for the network/server response to arrive before they can continue their work. As tempting as it is to use asynchronous scripts to enhance the information available to users on a form, this still requires additional communication across the network to ServiceNow. JDS recommends using asynchronous calls sparingly, as there are other means of preloading information, such as using the g_scratchpad.

 

There are four ways of dynamically incorporating additional information into a form in ServiceNow:

  1. g_scratchpad
  2. GlideAjax
  3. GlideRecord
  4. g_form

 

Most ServiceNow administrators are familiar with GlideRecords and g_forms, but these have the heaviest overhead from a performance perspective, as they retrieve all the fields from a particular record when only one value may be needed. To avoid performance issues, you should consider using the g_scratchpad object where possible.

 

What is the g_scratchpad object?
The g_scratchpad object is a simple way of pre-fetching values that are needed on a form. Avoid making additional server calls from the client by anticipating the need for information ahead of time.

 

g_scratchpad
Using the g_scratchpad object is easy.

 

The scratchpad is whatever you need it to be. You define the keys and values you want. Simply load up the g_scratchpad object with whatever information is needed by the form, and then refer to it from the form using Client Scripts.

 

Here’s an example from the ServiceNow Wiki.

Display business rule
g_scratchpad.instanceName = gs.getProperty('instance.system.property');
g_scratchpad.hasAttachments = current.hasAttachments();
g_scratchpad.createdBy = current.sys_created_by;

You can then use this information in your client script without the need for an ajax call.

Client Script
// Check if the form has attachments
if (g_scratchpad.hasAttachments) {
    // do something interesting here
}

// Check if this is TEST instance
if (g_scratchpad.instanceName == 'TEST') {
    g_form.setDisplay('test_field', true);
}

Sometimes, GlideAjax or other methods will be required when information is needed dynamically, but you should carefully consider whether the g_scratchpad can be used before looking at other approaches. JDS recommends developers consult ServiceNow’s own Client Script Best Practices article for more information on this topic.

Why performance test ServiceNow?
When dealing with custom business logic, performance testing ServiceNow can be extremely beneficial. In past performance tests JDS has completed for various multinational companies, JDS has discovered database issues, slow responses for certain forms and also discovered that users from different locations around the world could have an impact on response times. Finding database issues and slow response times prior to going live has allowed these companies to address the problems before launch, helping them achieve their goals of streamlining business processes rather than causing more frustration for employees.

Performance is an important part of the user experience, and is key to ensuring the uptake of ServiceNow within your organisation.

Tech tips from JDS