Some background:
I develop web services for internal departments of a large organisation that are used in public facing websites. There is a geographic differences between myself and my colleagues in these departments so most communication is by email, phone, skype etc.
My process for development is develop in test environment where only my team and I have access to it. This is fine and works well.
Once I and other members of my team are happy with the service I would upload and publish to a UAT/test environment which is accessible to the local domain (wider LAN area) for lets say eCommerce colleagues in another office to test their front end websites/applications against.
This is where the problem occurs. Testing would commence and then some time later eCommerce colleagues update their production/live environments to use this UAT service without my or my teams knowledge (obvious communication problem I know). I only find out when something has changed in UAT which breaks the service and eCommerce complain.
The services are clearly labelled with UAT in the titles/domain name. I have clearly specified when supplying them the UAT service not to use it in a live environment, keep me informed of testing etc. Then when all parties are happy with the service I would go through the relevant change control process and upload to the live production environment.
Are there any processes, methods, tips, advice I should be using to ensure UAT services are not used in a live environment that I have little control over?
Best Answer
In a perfect world, your code wouldn't know if it's in test or production. In that same perfect world, your colleagues would know better than to use a service for production before it is ready.
Since the world isn't perfect, need to make your service less appetizing until it is in production.
Some ideas:
As @BartvanIngenSchenau suggested in a comment, perhaps you can reset your database once a week. Since this is a testing environment, that would be perfectly reasonable and arguably necessary. By definition, there is no production data in a test environment so you are within your rights to do as you wish.
Consider shutting your service off when you are not actively testing it.
Have your service "watermark" its output. Append " TEST" to many of the strings you produce.
Speak with your Network Service people about possibly IP filtering access to the environment.