In the process of updating our CTE document I have some questions regarding the components to be certified and the configurations.
Table of Contents
In the CTE document we have outlined a number of different platforms for configuration items, for example IE and Firefox for browser. We also have Red Hat Linux and Windows 2008 for the operating systems and Oracle and MySQL for the database. Taking all the possible permutations of the software would generate a significant number of possible certification platforms. Is it true to say that we need to decide on two combinations to certify against?
The biggest things we look at are operating systems and databases. After that we are pretty laid back about how many flavors of email, browsers, or desktop application integrations you want to toss into the mix. What we need a list of email servers/clients and browsers. As long as we touch them once somewhere during the testing, we consider them good We are not certifying that they run on a specific operating system/database server, but that they support the RM code.
The same thing is true with the databases to some extent. If you support Oracle on Linux we can assume that Oracle works on Windows, unless you had to write something funky in the Alfresco code that talks to Oracle because they are different OS's. We are not certifying that Oracle runs on Windows.
As for the FOIA/PA, bring it on! We seem to be negotiating these test cases with the vendors a little more than in other places because of the work flow aspect, so if a test case seems weird, let's talk.
Our agreement is for two test configurations primarily to allocate enough time to test. If we can test more permutations because things are going very smoothly, we will. You do have to decide on a 'baseline' configuration that includes one OS, one DB, at least one email and at least one browser.
Janamg 18:09, 11 June 2009 (BST)
Classified Records and FOIA
We have specified that we will not do Classified Records, but we will do FOIA. For me this seems like an unusual combination, what is important for you. Specifically how important is FOIA for you, if we can certify on this at a later date it would allow us to concentrate our efforts on getting a really good base implementation.
There are a couple of areas where we think we won't be able to pass a couple of the tests. Primarily this is due to architectural design limitations, for example;
Test Case 4.21 Start a select all search. Abort the search before it completes. [C18.104.22.168.11.]
There is no abort search with Alfresco, this is because the Alfresco search works much like Google, the results start to be delivered instantaneously. Where do we stand with functionality and tests like these?
We always look at the purpose of the test. The abort test case is to allow graceful retreat from an action that is locking up system resources. For example a Cartesian join in a traditional RDBMS would take a really long time and not return the results someone was seeking, so they would need to be able to abort that.
In Alfresco's case, if a search is taking too long, the user can simply close the browser window and kill the session. This doesn't harm anything. (I hope.) Janamg 16:49, 26 June 2009 (BST)
Not 'THE' STIG
We use the term as a verb to indicate that the boxes and loaded software have been locked down. So all documents that apply to the OS and supporting software are applicable. We generally run the general purpose gold disk and call it good. We are looking to verify that the proposed records management solution doesn't rely on some known vulnerability to function correctly.Janamg 22:55, 20 July 2009 (BST)
Test Case 5-1.4.3
This test case refers to a 'Documents Spreadsheet', as in 'File according to documents spreadsheet'. I can't find this spreadsheet anywhere nor a reference to it on the JITC web site.