Document and automate processes with Rational Method Composer and Jazz: Part 3. Customizing a process

Many teams find it challenging to get a project started quickly, to get team members onboard, to set up and configure tools, and to take advantage of proven patterns of success to do their jobs. Many other teams are required to document their process for compliance reasons and show that they follow that process. In the third article in this series, Ricardo Balduino describes how a team extends the process description included in Rational Method Composer to accommodate new process needs and how they automate that process in Rational Team Concert.

Share:

Ricardo Balduino (balduino@us.ibm.com), Senior Software Engineer, IBM

Author1 photoRicardo Balduino is a senior software engineer at IBM. He leads and contributes to the development of solutions such as the Eclipse Process Framework, IBM practices, Collaborative Application Lifecycle Management, Jazz-based software, and the Rational Unified Process. His 17 years of experience in the software industry also includes developing software for industrial processes automation and financial services, as well as providing training and consulting services to help organizations adopt formal and agile software development practices. Ricardo is a certified Project Management Professional (PMP). He holds a B.S. degree in Computer Sciences from Sao Paulo State University, Brazil, and an M.S. degree in Software Engineering from San Jose State University, USA.



31 July 2012

Also available in Chinese Russian

Introduction

Part 2 of this series of articles described how the Business Recovery Matters leadership team quickly configured their project environment and got started in hours, not days. You saw how the team used proven patterns of success to create plans and work items. You also saw how each work item provided links to relevant and contextual guidance so that team members were able to get up to speed quickly on the team's process.

This article describes a more advanced scenario in which the Business Recovery Matters development team needs to perform security testing throughout the development lifecycle. The approach is to customize the process assets included in IBM® Rational® Method Composer and IBM® Rational Team Concert™ to accommodate that need.


Scenario: Customize and automate the process

In this scenario, the leadership team has been notified that the project needs to follow a security policy and make sure that their final product is free of vulnerabilities and exposures to hacker attacks. They determine that this affects the team that is developing the Dividend Deposit component.

This scenario focuses on these actors and roles:

Peter, process engineer (project leadership team)
Sally, security lead (project leadership team)
Marco, team lead (Dividend Deposit feature team)

The subsections that follow describe how they proceed.


Add security assessment content to the process description in Rational Method Composer

Peter, Sally, and Marco investigate whether there are any security testing practices available to support the development team. The Rational solution for Collaborative Lifecycle Management (CLM) process assets that they are currently using do not contain a practice to deal with product security assessment. Good news: there is an Application Vulnerability Assessment practice in the practices library included with Rational Method Composer. The team agrees that this practice addresses their project needs.

Moreover, they learn there is a practice for tailoring the project process, so they decide to follow the tasks and steps in that practice for their customization. Peter also relies on tutorials available in the Rational Method Composer online help to get up to speed with process customization. The steps that follow show how he uses the tool to customize the process while Marco and Sally make the decisions about how best to incorporate the new security assessment practice in the team's process.

Add the new practice to the configuration

  1. Peter has a Rational Method Composer license. Rational Method Composer is installed in "shell-shared" mode with Rational Team Concert. He confirms that there are content reader licenses for the entire team.
  2. To prepare Rational Method Composer for the customization process, Peter performs the following actions:
    1. He opens the practices library included in Rational Method Composer and exports the Application Vulnerability Assessment practice plug-ins, following instructions on the Rational software information center under Exporting a method plug-in.
    2. He downloads the CLM process library available on the IBM Rational Solution process assets page.
    3. He opens a copy of the CLM process library, and imports the Application Vulnerability Assessment practice plug-ins that he previously exported, by following instructions in the Rational software information center "Designing and managing process" section, under Publishing and exporting, for Importing a method plug-in.

The set of practices that come with the CLM process library and the Application Vulnerability Assessment practice are now available in the Rational Method Composer installation.

  1. In the Authoring perspective, Configuration Editor view, Peter makes a copy of the CLM configuration and edits it. (In simple terms, a configuration is a selection of practices to publish.) He adds the vulnerability assessment folder to the configuration (see Figure 1). That folder contains all elements that are part of the Application Vulnerability Assessment practice, such as roles, tasks, work products, and guidance.
Figure 1. The CLM configuration includes the Application Vulnerability Assessment content
Package selections in the configuration editor

Decide which security tasks to perform

  1. In Rational Method Composer, Peter switches to the Browsing perspective and expands the Application Vulnerability Assessment practice node to see the elements that it contains. Under the Activities node (see Figure 2), there are three suggested workflows that a team can follow:
    • Application Vulnerability Assessment - Auditor
    • Application Vulnerability - QA
    • Application Vulnerability Self-Assessment
  2. Marco and Sally decide to use the Self-Assessment workflow, which consists of three tasks, as shown on Figure 2:
    • Develop security test policy (performed by security lead role)
    • Conduct security assessment (performed by developer role)
    • Fix vulnerabilities (performed by developer role)
Figure 2. Options and diagram of the Self-Assessment workflow
Screen capture of practice and workflow window

Larger view of Figure 2.

At this point, they have customized the Rational Method Composer process description as much as they need to do. As you will see later, they use these tasks to create a work item template in the Rational Team Concert project area.

Publish and deploy the modified process description

  1. Peter publishes the modified CLM configuration as a Web archive file, clm.war. He follows the guidance under Publishing configurations as Web sites.
  2. When the publishing ends, Peter goes to the output folder and copies the clm.war file to this Jazz™ Team Server (JTS) folder:

Jazz_server_install_folder\server\tomcat\webapps\rmc

The published Rational Method Composer content is now available to team members.


Update the Rational Team Concert project area

Now it is time to update the Rational Team Concert project area to reflect the changes made to the process description in Rational Method Composer.

Add new roles to the project area and assign team members

Due to the addition of the Application Vulnerability Assessment practice to the CLM configuration in the previous steps, the following new roles were added to the process description:

  • Security Lead
  • Security Tester
  • Security Developer
  1. Peter adds those roles from Rational Method Composer to the Rational Team Concert project area so the team lead can assign team members to perform tasks defined in the process. He follows the steps in the How to update a Jazz Project Area using Rational Method Composer technical note under the "Create a Jazz Role from a Rational Method Composer role" section.
  2. Marco goes to the Rational Team Concert project area where these roles are now available and associates team members with these roles, such as assigning Sally to the Security Lead role.

Add new tasks to the project area

In the previous step, Peter added three security tasks to the Rational Method Composer content. Now he needs to make those tasks available in Rational Team Concert so Marco can assign them to team members performing security roles. He can do this by adding tasks from Rational Method Composer to work item templates in Rational Team Concert.

  1. Peter finds instructions in the How to update a Jazz Project Area using Rational Method Composer technical note under the "Create a Work Item Template from a Rational Method Composer Process Element" topic.
  2. In the Team Process perspective of Rational Method Composer, he finds the Application Vulnerability Self-Assessment workflow and selects the Create a Jazz Work Item Template menu.

Figure 3 shows Peter's actions.

Figure 3. Steps to create or update a work item template
Screen captures of four views as steps progress

Larger view of Figure 3.


Run the project

From the previous step, the development team now has a work item template that they can instantiate to populate iteration plans in Rational Team Concert with security tasks.

Marco follows the information center instructions from the Planning an iteration topic, in the Scenarios section, under Iterative development section.

  1. In Rational Team Concert, he creates an iteration plan for the first Construction iteration that the development team is about to perform.

The resulting plan has no tasks (or planned items) in it yet. To populate the plan, Marco follows the guidance for Creating work items from a template

  1. Marco uses the Development Team – Construction Iteration work item template to populate the iteration plan with typical planning, development, and testing tasks.
  2. Then he uses the Application Vulnerability Self-Assessment work item template to add security testing tasks to the same iteration plan.

After it is populated with all of the Rational Method Composer tasks that the development team needs to run that Construction iteration, including the new security testing tasks, the plan editor in Rational Team Concert looks like the one shown on Figure 4.

Figure 4. Construction iteration plan populated with tasks
Screen capture of iteration plan filled with tasks

Given that the team is new to security testing, they will need help getting started. Fortunately, each of the work items created includes links to the Rational Method Composer practice guidance, so team members have all the guidance that they need at their fingertips to adopt the new practice successfully.


Summary

This article described how the team quickly updated their process to adopt a new practice. You saw how easy it is to create an iteration plan that incorporates the new practice and how team members get in-context guidance to easily adopt the new practice.

Resources

Learn

Get products and technologies

  • Download Rational Method Composer to try it at no charge.
  • Download Rational Team Concert from Jazz.net and try it free on up to 10 projects for as long as you want (requires registration). If you'd prefer, you can try it in the sandbox instead, without installing it on your own system.
  • Download free trial versions of other Rational software.
  • Evaluate other IBM software in the way that suits you best: Download it for a trial, try it online, use it in a cloud environment, or spend a few hours in the SOA Sandbox learning how to implement service-oriented architecture efficiently.

Discuss

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Rational software on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Rational, DevOps
ArticleID=827857
ArticleTitle=Document and automate processes with Rational Method Composer and Jazz: Part 3. Customizing a process
publish-date=07312012