Professional Services Professional Services & Outsourcing Systems Implementation

Cloud Migration

Advisory, implementation, and operational engagements where trust, alignment, and execution governance determine outcomes.

Accenture AWS Professional Services Rackspace TCS
Inside this journey
  1. Pre-Discovery

    Align the room on outcomes, decision process, and constraints before deeper discovery.

    1. Stakeholder Alignment

      Confirm decision roles, deadlines (lease, vendor EOL, board mandates), success criteria, and key risks across IT, security, and finance.

      Alignment Questions

      Quick Intro: Who's in the Room?

      • Who should we coordinate with day-to-day for scheduling, approvals, and clarifications?
      • Which individual or role is the executive sponsor who will champion this migration? Options: CIO, CTO, VP Infrastructure, Head of Cloud/Platform, CISO, CFO, Other
      • Which teams need direct involvement from day one (select all that apply)? Options: Application owners, Infrastructure/Operations, Security/InfoSec, Network, Database teams, Finance/Procurement, Compliance/Legal, Dev/Platform, Vendor/Third-party
      • Briefly describe any existing relationship, tension, or alignment between IT, Security, and Finance when it comes to cloud spend and risk.
      • Who are the top three people we should meet during our first stakeholder alignment workshop (name + role)?

      If One Thing Breaks, Who Gets Knocked Off-Balance?

      • If a single critical application failed as a result of migration, who would face the highest immediate pressure and why?
      • Which of the following failure scenarios concerns you most right now? Options: Production outage during cutover, Data loss or integrity issues, Security/compliance breach, Unexpected ongoing cloud costs, Loss of integration with on-prem systems, Vendor support gaps, Other
      • Have you experienced a migration-related failure before? If yes, what happened and what did stakeholders most react to? Options: Yes — production outage, Yes — cost overrun, Yes — security/compliance incident, No — this is our first large migration
      • When something goes wrong, what response or remediation do you expect from a migration partner within the first 24–72 hours? Options: Root-cause analysis and fix plan, Rollback to last known state, Temporary workaround, Compensating controls for security/compliance, Daily executive updates
      • Describe the worst-case impact (operational, financial, reputational) you fear if a key workload migration fails.

      Who's Holding the Keys?

      • Which roles have final approval authority to move an application from 'ready' to 'migrate'? Options: CIO/CTO, VP Infrastructure, Application Owner, CISO, Finance Lead, Procurement, Board/Executive Committee, Other
      • Are approval thresholds tied to budget, risk level, or technical complexity? Select all that apply. Options: Budget thresholds (dollar value), Risk thresholds (security/compliance), Complexity thresholds (dependencies, refactor effort), Application criticality (business impact), None — ad hoc approvals
      • Who signs off on security and compliance acceptance for migrated workloads? Options: CISO, Security Architecture, Compliance Officer, Application Owner, External Auditor, Other
      • Who owns the post-migration acceptance and operations handoff for applications (name and role)?
      • Which internal or external stakeholders must be consulted before we run discovery tools in a production environment? Options: Security/InfoSec, Network, Application Owners, DBA, Legal, Third-party vendors, None

      Deadlines That Keep You Up at Night

      • Which immovable deadline is driving the migration timeline right now? Options: Data center lease expiry, Vendor end-of-life (EOL), Board or executive mandate, Regulatory/compliance deadline, Cost-target deadline, Other
      • Please provide the target date for that deadline (or range) and indicate how fixed it is. Options: Exact date (hard deadline), Month/Quarter (semi-flexible), Within 6–12 months (soft), No confirmed date yet
      • What happens if that deadline is missed? Select expected consequences. Options: Lease extension costs, Regulatory penalty/fines, Board escalation, Service disruptions, Contractual obligations with vendors, Budget impacts, Other
      • Are there interim milestones or blackout windows we need to know about (e.g., fiscal year close, audit periods)? Please list them.
      • How much schedule flexibility can your leadership realistically grant to manage complex refactors or unexpected dependency discoveries? Options: No flexibility — fixed date, Limited flexibility with executive approval, Moderate flexibility (weeks), Significant flexibility (months)

      What Would Make the Board Quiet?

      • If you had to report a concise success statement to the board in 6 months, what single outcome would prove the migration is on track?
      • Which of these measurable outcomes matter most for executive reporting? Choose up to three. Options: % of workloads migrated, Reduction in run-rate infrastructure costs, Number of incidents/outages during migration, Time-to-recovery (RTO), Security/compliance posture scores, User performance improvements, Migration schedule adherence
      • Do you have baseline metrics (current costs, performance, incident rates) we can use to validate success? If yes, briefly describe availability. Options: Yes — centralized dashboards/CMDB, Partially — data in multiple sources, No — baselines not available
      • Who will own reporting and sign the acceptance of pilot success metrics? Options: CIO/CTO, VP Infrastructure, Application Owner, Security Officer, Finance Lead, Other
      • What acceptance criteria would make you comfortable to greenlight subsequent waves after a pilot (e.g., <X incidents, <Y% cost delta)?

      Where the Risk Hides — IT, Security, Finance

      • What single technical, security, or financial risk keeps you awake about this migration?
      • Select the IT and technical risks you consider most likely to surface during migration. Options: Undocumented dependencies, Database compatibility issues, Network segmentation/connectivity failures, Configuration drift between environments, Performance regressions, Lack of automation/runbooks
      • Select the security/compliance risks you are most concerned about. Options: Exposure during discovery/assessment, Non-compliance post-migration, Insufficient access controls, Encryption/key management issues, Audit trail gaps, Third-party data handling
      • How do you prefer risk to be mitigated or accepted—prevention, staged mitigation (pilot), or rollback-first strategy? Options: Prevention (extensive testing before cutover), Staged mitigation (pilot then waves), Rollback-first (ability to revert fast), Compensating controls during migration
      • What financial guardrails should we adhere to during and after migration to avoid bill shock? Options: Pre-migration cost modeling and approvals, Budget caps per wave, Real-time cost alerts, Reserved/committed pricing strategies, Post-migration optimization plan

      Unseen Dependencies & Knowledge Gaps

      • How confident are you that your inventory captures all production dependencies for your top 20 business-critical apps? Options: >90% confident, 70–90% confident, 50–70% confident, <50% confident, Unknown
      • Which discovery artifacts and sources do you currently have available? Options: CMDB/Asset DB, Network diagrams, Application runbooks, Logs/observability data, Configuration management (Ansible/Chef), Dependency mapping tools, No formal artifacts
      • How often do you find undocumented integrations or dependencies during assessments? Options: Almost always, Often, Occasionally, Rarely, Never
      • Are there systems or teams that will resist discovery tool deployment (for security, policy, or vendor reasons)? If so, which ones and why?
      • If we proposed automated dependency mapping, what concerns would you want addressed up front? Options: Data privacy, Agent impact on performance, Scope and access limits, False positives/negatives, Integration with CMDB

      Decision Rhythm & Escalation: Who Calls the Shots?

      • When an urgent migration issue arises, who has authority to reallocate budget or resources within 24 hours? Options: CIO/CTO, VP Infrastructure, Application Owner, Finance Lead, Program Manager, Other
      • What governance cadence do you expect for this program? Options: Weekly executive steering, Bi-weekly technical runbook reviews, Monthly finance reviews, Ad-hoc as issues surface, Other
      • What escalation path should we follow for security incidents during migration (who to notify and in what order)?
      • Are there internal change control windows or CAB approval processes we must align to for cutovers? Options: Yes — formal CAB with scheduled windows, Yes — informal approvals required, No — flexible cutover scheduling, Unknown
      • Which communication channels are mandatory for stakeholder updates (select all that apply)? Options: Email, Slack/Microsoft Teams, Weekly status calls, Executive dashboards, Ticketing system (JIRA/ServiceNow)

      Comfort, Concerns & the Small Next Step

      • If you could remove one concern about starting discovery and a pilot this month, what would it be?
      • How ready are you to grant the access needed for automated discovery tools (logs, network flow, agents) on a pilot workload? Options: Ready immediately, Ready after a short review (1–2 weeks), Requires security/Legal signoff (2–6 weeks), Not possible at this time
      • What would make you feel confident to greenlight a one-workload pilot (select up to three)? Options: Clear rollback plan, Limited blast radius (non-prod or low-risk app), Defined success metrics, Security review completed, Fixed-cost pilot, Executive sponsorship
      • What practical blocker, if unresolved, would prevent you from proceeding to a pilot in the next 30 days? Options: No stakeholder alignment, Lack of budget, Security objections, Insufficient baselines/data, Vendor conflicts, None
      • Who should we schedule a 60–90 minute stakeholder alignment workshop with to finalize roles, deadlines, and pilot acceptance criteria?
    2. Current State Mapping

      Capture application inventory, undocumented dependencies, compliance constraints, and migration blockers using discovery artifacts and timelines.

      Current State

      Opening the Map: Who's in the Room and Why

      • Which people or teams will actively participate in discovery sessions (select all that apply)? Options: CIO/CTO, VP Infrastructure/Cloud, Security/InfoSec, Compliance/Risk, Application Owners, DBA/Platform, Network Ops, Finance/FinOps, Other
      • What is the single most important outcome you need from this migration (briefly)?
      • Which hard deadlines are driving this program (pick any that apply)? Options: Data center lease expiration, Vendor End-of-Life, Board cost-reduction mandate, Regulatory deadline, Merger/Divestiture timeline, No firm deadline yet, Other
      • How confident are you in the completeness of your current application inventory? Options: Very confident, Somewhat confident, Questionable, Not confident at all
      • How do you currently capture application dependencies and topology (describe tools and frequency)?

      Hidden Webs: The Dependencies That Break Assumptions

      • What if several systems you consider 'standalone' actually share critical hidden dependencies — how would that change your migration plan?
      • How often have undocumented dependencies caused outages, delays, or rework during past changes? Options: Regularly (monthly/quarterly), Occasionally (yearly), Rarely, Never sure
      • Which kinds of dependencies are you most worried about (select up to three)? Options: Database links, File shares/NFS, Message queues/event buses, Hardcoded IPs/hostnames, Middleware versions, Custom integrations/APIs, Shared storage or hardware, Other
      • Tell us about one example where a missed dependency created real impact — what happened and who was affected?
      • Which discovery approaches have you tried and with what results (agent scanning, network tracing, manual interviews, CMDB reconciliation)? Options: Agent scanning, Network flow analysis, Manual application interviews, CMDB reconciliation, Log correlation, We haven't tried formal discovery

      Deadlines and Pressure Points: Which Ones Will Break You?

      • Which single deadline would create a crisis for the business if we missed it? Options: Lease EOL, Vendor EOL, Board/Executive mandate, Audit or compliance window, Go-live for a strategic campaign, Other
      • If that deadline slips by one month, what are the likely business impacts (cost, revenue, legal, customer trust)?
      • How are migration timelines governed and who has final sign-off on schedule changes? Options: Program Steering Committee, CIO/CTO, Cloud Program Director, Business Unit Leader, No formal governance
      • Which internal approval gates typically slow you down (security review, finance sign-off, application owner consent, vendor approvals)? Options: Security review, Architecture review board, Finance/Procurement, Application owner signoff, Vendor change approval, Other
      • Are there windows where we cannot execute migrations (business blackout dates, seasonal peaks, regulatory reporting)? Options: Yes — list windows below, No strict windows, Unsure — need to check

      Rules You Can't Bend: Compliance, Security and Non-Negotiables

      • Which compliance or security requirement would stop a migration in its tracks if not met? Options: PCI-DSS, HIPAA, SOC 2/ISO 27001, GDPR/Data residency, FedRAMP/IL4/IL5, Contractual third-party obligations, Other
      • Describe any data residency, encryption, or logging controls that are mandatory for workloads in scope.
      • Do any applications rely on certifications, vendor audits, or attestation documents that must be preserved through migration? Options: Yes — provide details next, No, Unsure
      • How mature are your identity, access, and network segmentation controls today? Options: Highly mature, Moderately mature, Basic controls only, Minimal or ad-hoc
      • Please list any active or impending compliance audits, penalties, or contractual deadlines we should plan around.

      Inventory Reality Check: What Your CMDB Isn't Telling You

      • If an on-call engineer had to name every app that would cause a critical outage if moved, could they do it confidently? Options: Yes, Mostly, Not reliably, No
      • When was the last comprehensive scan or reconciliation of your application inventory and CMDB? Options: Within 30 days, 30–90 days, 3–12 months, Longer than a year, Never
      • Which sources currently feed your inventory (select all that apply)? Options: CMDB, Cloud console(s), Virtualization platform, Network discovery, Tagging and naming conventions, Spreadsheets/manual lists, Other
      • Where do you suspect the biggest blind spots exist (shadow IT, third-party SaaS, legacy middleware, batch jobs)?
      • How do you prefer to reconcile differences we uncover — automated sync, joint workshops, or directed owners' updates? Options: Automated sync, Joint workshops with owners, We will update CMDB after review, Combination

      Migration Blockers & Technical Debt: What's Under the Hood?

      • Which legacy constraint do you fear will derail a wave: old database versions, licensing, unsupported OS, or something else? Options: Unsupported OS/patching, Outdated DB versions, Vendor-locked licensing, Hardware-bound licenses, Custom binaries/tightly-coupled code, Other
      • How many applications would you estimate require code changes or refactoring versus lift-and-shift? Options: Most (>50%), Many (25–50%), A few (<25%), Unsure
      • List any third-party vendors or ISVs that restrict cloud moves or require special approval.
      • Do you have license or maintenance contracts tied to physical hardware that could block migration? Options: Yes — critical, Yes — manageable, No, Unsure
      • What internal resources do you currently lack that would speed refactor or remediation work (skills, automation, test environments)? Options: Cloud engineers, DevOps automation, QA/test environments, Migration runbooks/playbooks, Budget for replatforming, Other

      Pilot and Wave: What Will Make Us Succeed or Fail?

      • What outcome would cause you to label the pilot a failure (performance regression, cost overshoot, broken integrations, missed cutover)? Options: Performance regression, Cost above target, Integration breakages, Operational handover failure, Security/compliance gaps, Other
      • Which measurable pilot metrics matter most (select up to three)? Options: RTO/RPO, Latency/throughput, Total cost of ownership, Cutover success rate, Time to restore, Operational runbook completeness
      • Who will be the final authorizer to move from pilot to wider waves? Options: CIO/CTO, Program Steering Committee, Application Owner, Cloud Program Director, Security/Compliance Lead, Other
      • Describe your rollback and remediation expectations — how quickly must we be able to restore production if a migration fails?
      • How do you want migration responsibilities split between your team and ours during pilot and waves? Options: We own infra, you run migrations, You lead, we support, Joint responsibility per wave, Other

      Discovery Artifacts: What We'll Need to Prove the Map

      • If we delivered an interactive dependency map tomorrow, which immediate decision would it unlock for you?
      • Which artifacts can you provide within two weeks to accelerate discovery (select all that apply)? Options: Current CMDB export, Network diagrams, Application runbooks, Architecture diagrams, Access to monitoring/logs, Spreadsheet inventory, None available quickly
      • Are you willing to permit agent-based discovery and network flow capture in your environment for 30–90 days? Options: Yes — no constraints, Yes — with security review, Maybe — need approvals, No
      • Who are the two primary contacts (name, role, email) who will own artifact delivery and access approvals?
      • What timeline would you like for receiving a first-pass dependency map and gap analysis from us? Options: Within 1 week, 1–2 weeks, 2–4 weeks, Longer than 4 weeks
  2. Solution Experience

    Use the customer’s inventory and risk scenarios to show how automated dependency mapping, pilot outcomes, and cost modeling prevent failures and bill shock.

    Experience Meetings

    • Solution Experience Kickoff — Current State & Consequence Alignment
    • Automated Dependency Mapping — Live Proof with Customer Inventory
    • Pilot Outcomes & Runbook Validation — Proof of Safe Cutover
    • Cost Modeling & Bill-Shock Prevention Workshop
    • Solution Experience Validation & Go/No-Go Confirmation
    • Produce a set of accepted cost assumptions and a monitoring cadence for wave execution.
    • Pilot Summary & Metrics
    • Demonstrate that the pilot validated the migration approach and runbook sufficiently to prevent the top failure modes.
    • Obtain customer agreement on which pilot findings are acceptable and which require remediation before waves.
    • Confirm explicit pass/fail decision for advancing to wave execution or define remediation backlog.
    • Seller: Produce a pilot lessons-learned report with prioritized remediation items and estimated effort.
    • Customer: Approve or reject pilot acceptance and sign off on any required remediation priorities.
    • Seller: Update runbooks and automated checks based on pilot learnings and recirculate to SMEs.
    • Recap: Cost-related Consequences to Prevent
    • Validate that the modeled cloud costs align to customer expectations or surface precise delta with data-center baseline.
    • Agree on specific cost guardrails and governance processes that will prevent bill shock during and after migration.
    • Introductions & Purpose
    • Seller: Deliver the detailed cost model workbook with scenario tabs and a one-page delta summary vs baseline.
    • Customer: Confirm budget thresholds, approval channel, and escalation path for cost variances.
    • Seller: Configure cost-alerting dashboards and schedule a short training for the customer's finance and cloud ops teams.
    • Synthesis: Problem -> Proof -> Validation
    • Obtain explicit customer validation that the solution experience proved the future state or capture conditional requirements to reach validation.
    • Agree a clear set of remediation actions (if any) with owners and deadlines before wave execution.
    • Document the go/no-go decision and the agreed next steps for Solution Scope and Pilot Authorization.
    • Customer: Provide formal go/no-go decision or sign-off on conditional remediation items with deadlines.
    • Seller: Publish a Solution Experience report summarizing proofs, validation results, and required remediation; include acceptance artifacts for the record.
    • Seller & Customer: Schedule Solution Scope kickoff and assign governance leads.
    • Produce a single, agreed one-sentence current state describing where migration is breaking today.
    • Surface and quantify the top 3 consequences (cost, downtime, compliance exposure) to create urgency.
    • Agree a one-sentence future state outcome that all demonstrations must prove.
    • Confirm required datasets and access for the automated mapping and cost modeling sessions.
    • Customer: Provide final sanitized inventory, top risk scenarios, and any existing dependency outputs (deadline: 48 hours).
    • Seller: Validate access to discovery artifacts and prepare mapping tool configuration for the customer's environment.
    • Seller: Draft the one-sentence current-state and future-state statements from the session and circulate for confirmation.
    • Recap of Agreed Current State & Validation Rules
    • Prove that automated mapping uncovers hidden dependencies that would cause migration failures if missed.
    • Receive live validation from at least one app owner on correctness of critical dependency mappings.
    • Produce a short list of candidate pilot workloads informed by mapping and risk prioritization.
    • Agree on follow-up actions to reconcile any mapping gaps identified by owners.
    • Seller: Deliver an annotated dependency map PDF marked with high/medium/low risk nodes within 48 hours.
    • Customer: Assign 2-3 additional app owners to validate mappings for the pilot workload (names & contact info).
    • Seller: Update pilot candidate list and rationale based on mapping validation.
    • Forward-looking Cost Model Walkthrough
    • Gap Review
    • One-sentence Current State
    • Mapping Tool Live Walkthrough
    • Incident Review — What Would Have Failed
    • Acceptance Criteria Check
    • Consequence Quantification
    • Runbook & Cutover Checklist Live Validation
    • Problem-to-Proof Tieback
    • Sensitivity & Worst-case Scenarios
    • Controls to Prevent Bill Shock
    • Acceptance Criteria vs Results
    • Owner Validation Exercise
    • One-sentence Future State
    • Decision & Next Steps
    • Communications & Governance
    • Remediation & Pilot Targeting
    • Next-wave Readiness Decisions
    • Data & Tooling Check
    • Decision Points & Cost Acceptance
    • Agenda & Validation Rules
  3. Solution Scope

    Define assessment deliverables, landing zone architecture, pilot workload, wave sequencing, responsibilities, and measurable acceptance criteria.

    Scope Configuration

    • Run automated dependency discovery and generate dependency maps
    • Provision secure cloud landing zone
    • Establish hybrid connectivity (VPN/Direct Connect)
    • Rehost VMs with automated replication and cutover
    • Migrate databases to managed cloud database services
    • Refactor applications into containers and deploy to Kubernetes
    • Replatform applications to cloud-managed platform services
    • Implement CI/CD pipelines and automated release workflows
    • Apply cloud-native monitoring, logging, and APM
    • Perform cloud cost optimization and rightsizing during migration
    • Implement cloud security controls, IAM, and encryption
    • Execute cutover runbooks and rollback during migration waves
    • Decommission on-premises assets and validate resource teardown

    Scope Questions

    Run automated dependency discovery and generate dependency maps

    • Do you want automated dependency discovery across the entire portfolio or limited to selected applications? Options: Full portfolio, Selected applications, Pilot only
    • Approximately how many application components, hosts, or services should be discovered? Options: 500-2,000, 2,000+, Less than 100, 100-500
    • Which existing artifacts should we ingest to enrich discovery (select all that apply)? Options: CMDB, Network diagrams, Endpoint agents / monitoring data, Application inventories, None / start fresh, Other
    • Which environments must be discovered? Options: Production, Staging, Development, Disaster Recovery, All environments
    • Are there systems that cannot accept discovery agents or have restricted network access (air-gapped, regulated)? Options: Yes, No
    • If yes or partially, list systems or constraints (hostnames, datacenters, regulatory limits, maintenance windows)

    Provision secure cloud landing zone

    • Which cloud provider(s) and account model do you require for the landing zone? Options: AWS, Azure, Google Cloud, Multi-cloud (mix of providers)
    • Which compliance or regulatory frameworks must the landing zone meet? Options: PCI, HIPAA, SOC2, ISO27001, FedRAMP, None / Custom
    • Approximately how many accounts/subscriptions/projects and organizational units will be needed? Options: 1-5, 6-20, 21-100, 100+
    • What network segmentation model is required (e.g., prod/non-prod, business-unit, flat)? Options: Flat, Prod / Non-prod, By business unit, By environment and BU (hybrid), Custom
    • Who will own ongoing landing zone operations after handoff? Options: Customer, Seller, Shared / Co-managed
    • List acceptance criteria for the landing zone (examples: IAM baseline, centralized logging, guardrails, encryption at rest)

    Establish hybrid connectivity (VPN/Direct Connect)

    • Do you need persistent dedicated connections (Direct Connect/ExpressRoute), VPNs, or a combination? Options: Persistent (Direct Connect/ExpressRoute), Temporary VPNs, Both, Not sure
    • What is the expected bandwidth requirement for hybrid connectivity? Options: Less than 100 Mbps, 100 Mbps - 1 Gbps, 1 - 10 Gbps, 10+ Gbps
    • Are low-latency or high-throughput SLAs required for specific applications? Options: Yes, No
    • Do you require high-availability connectivity (active-active or redundant circuits)? Options: Yes, No
    • Are there preferred carriers, colocation sites, or datacenter locations that must be used?
    • What is the target timeline for connectivity to be operational before migration cutovers? Options: Less than 2 weeks, 2-4 weeks, 4-8 weeks, 8+ weeks

    Rehost VMs with automated replication and cutover

    • How many VMs or physical servers are expected to be rehosted in the project scope? Options: Less than 50, 50-200, 200-1,000, 1,000+
    • Provide the typical VM footprint or a sample distribution (vCPU / RAM / Storage) if available
    • What hypervisors and operating systems are in use (VMware, Hyper-V, KVM, Windows, Linux, legacy)? Options: VMware, Hyper-V, KVM, Physical / Bare-metal, Windows, Linux, Other
    • What are the recovery/availability targets for rehosted workloads (pick the closest) Options: RTO <1 hour / RPO <5 minutes, RTO 1-4 hours / RPO <1 hour, RTO 4-24 hours / RPO <4 hours, RTO >24 hours / RPO >4 hours
    • Which replication approach is preferred or required (agent-based, agentless, snapshot-based)? Options: Agentless, Agent-based, Snapshot-based, No preference
    • List any licensing, storage, or network constraints that will affect replication and cutover

    Migrate databases to managed cloud database services

    • Which database engines are in scope for migration? Options: Oracle, SQL Server, MySQL, PostgreSQL, MongoDB, Other
    • Estimate total database size and number of instances to migrate Options: Less than 500 GB, 500 GB - 5 TB, 5 TB - 50 TB, 50 TB+
    • Will migrations be homogeneous (same engine) or require heterogeneous conversions (e.g., Oracle -> Postgres)? Options: Homogeneous, Heterogeneous, Not sure / Evaluate
    • Are there strict RPO / RTO targets for database migration or synchronization requirements? Options: Yes, No
    • Are there regulatory or data residency requirements that affect database placement or encryption? Options: Yes, No
    • List critical upstream/downstream integrations, maintenance windows, and any blackout periods that will affect DB migration planning

    Refactor applications into containers and deploy to Kubernetes

    • How many applications or services are candidates for containerization in this engagement? Options: None, 1-10, 11-50, 50+
    • Are target applications mostly monoliths, microservices, or a mix? Options: Monolith, Microservices, Mixed
    • Which languages, runtimes, and framework versions are in use that will affect containerization?
    • Do you require container image registry, vulnerability scanning, and image promotion workflows? Options: Yes, No
    • What availability, scaling, and stateful requirements must Kubernetes deployments meet?
    • List any third-party libraries, vendor-supported components, or licensing constraints that may block refactoring

    Replatform applications to cloud-managed platform services

    • Which managed platform services are you targeting (select all that apply)? Options: Managed DB (RDS/Cloud SQL), Platform App Services (App Service, Cloud Run), Serverless Functions (Lambda/Functions), Managed Caching / Redis, Other
    • Are the applications compatible with PaaS constraints (e.g., statelessness, session handling)? Options: Stateless, Stateful, Mixed / Requires changes
    • Do you require zero code changes, minor modifications, or full refactor for replatforming? Options: Zero code changes, Minor changes, Significant refactor required
    • Are there runtime, OS, or library version limitations that would prevent migration to managed services? Options: Yes, No
    • What cost or performance targets must replatformed apps meet compared to on-premises?
    • Define acceptance criteria for a successful replatform (examples: functional parity, performance within X%, no increased operational overhead)

    Implement CI/CD pipelines and automated release workflows

    • Do you have an existing CI/CD toolchain to integrate or should we provision a new one? Options: Jenkins, GitLab CI, GitHub Actions, Azure DevOps, No existing toolchain, Other
    • Which pipelines are required: infrastructure (IaC), application builds, deployments, or all? Options: Infrastructure (IaC), Application builds, Deployments, All of the above
    • Which deployment strategies are required or preferred? Options: Automated rollback, Canary, Blue-Green, Rolling, None / Manual
    • What is the target deployment frequency (how often will you deploy changes)? Options: Multiple times per day, Daily, Weekly, Less than weekly
    • List required quality gates, security scans, or approvals that must be part of pipeline workflows
    • Who will own and operate the pipelines after transition? Options: Customer DevOps team, Seller (managed), Shared / Co-managed

    Apply cloud-native monitoring, logging, and APM

    • What monitoring scope do you require: infrastructure, application, user experience, security, or all? Options: Infrastructure, Application, User experience (RUM), Security / SIEM, All of the above
    • Do you have an existing monitoring/APM/logging solution to integrate with? Options: Datadog, New Relic, Prometheus/Grafana, Cloud-native (CloudWatch/Monitor/Operations), None, Other
    • What retention period is required for logs and metrics? Options: 7 days, 30 days, 90 days, Custom / longer
    • Are there defined SLIs/SLOs or alerts that must be implemented during migration? Options: Yes, No
    • Do you require synthetic monitoring and/or real user monitoring (RUM)? Options: Synthetic, Real User Monitoring (RUM), Both, None
    • Describe current alerting pain points or escalation workflows that must be addressed

    Perform cloud cost optimization and rightsizing during migration

    • When do you want cost optimization efforts executed: before migration, during migration, or after? Options: Before migration (modeling), During migration (rightsizing), After migration (ongoing ops), All phases
    • Do you have cost reduction or budget targets (percent or absolute) to measure success?
    • Are long-term commitments (Reserved Instances / Savings Plans / Committed Use) acceptable? Options: Yes, No, Partial / Evaluate per workload
    • Do you require tagging, chargeback/showback, and department-level cost allocation? Options: Yes, No
    • Who approves cost optimization recommendations and potential changes to instance types or commitments? Options: Customer Finance, Customer IT, Seller, Shared
    • List any fixed licensing or contractual costs that limit rightsizing decisions
  4. Mutual Commit

    Agree commercial terms, pilot success metrics, SLAs, governance cadence, and escalation paths tied to migration milestones.

    Agreement Modules

    • Statement of Work (SOW)
    • Master Services Agreement (MSA)
    • Commercial Terms & Pricing Schedule
    • Pilot Acceptance Criteria & Success Metrics
    • Service Level Agreement (SLA)
    • Governance & Cadence Agreement
    • Escalation & Issue Resolution Matrix
    • Change Control & Change Order Process
    • Security & Compliance Addendum (DPA)
    • Shared Responsibility & Access Matrix
    • Migration Acceptance & Cutover Criteria
    • Termination, Exit & Repatriation Plan
    • Insurance & Liability Confirmation
    • Performance Remedies & Service Credits
    • Execution & Signature Checklist
  5. Deployment

    Operationalize rollout with readiness checks, enablement, and outcome validation.

    1. Pre-Deployment Readiness

      Confirm access, discovery tool deployment, security/compliance controls, rollback plans, and owner signoffs before execution.

      Readiness Questions

      Quick Snapshot: Who’s in the Room?

      • Which people or roles should we treat as primary contacts for decisions, day-to-day access, and emergency escalation? Options: CIO/CTO, VP/Director of Infrastructure, Cloud Program Director, Security/InfoSec Lead, Network Lead, Application Owner, DBA, Finance/Cost Owner, Other (please name)
      • Which single migration deadline is non-negotiable for your organization (lease expiry, vendor EOL, board target)? Please give the date if available. Options: Lease expiry, Vendor end-of-life, Board cost reduction deadline, Regulatory deadline, No firm date yet
      • What is the principal business objective driving this migration right now? Options: Avoid data center costs, Meet vendor EOL, Comply with board mandate, Enable new capabilities, Reduce operational risk, Other
      • If you had to name one worry keeping you up at night about this program, what would it be?
      • How confident are you that the people named above have the authority to approve access and signoffs during deployment? Options: Completely confident, Mostly confident, Somewhat confident, Not confident

      What If Access Breaks the Whole Plan?

      • What would you estimate is the single biggest access-related blocker that has derailed past IT projects here? Options: Missing privileged accounts, Network zone restrictions, Protracted approvals, Vendor policy limits, Change freeze windows, Other
      • Which environments do we need discovery or agent access to (select all that apply)? Options: Production, Pre-prod/Staging, QA, Dev, DR/Backup, Network devices, Storage systems
      • Are privileged credentials available for temporary use, or do we need to request elevated sessions each time? Options: Dedicated service accounts available, Just-in-time elevated sessions required, Requires formal change ticket each time, No privileged access currently available
      • Describe any internal approval process or committee that typically reviews access requests and how long approval usually takes.
      • Tell us about one past project where access delays impacted timeline—what happened and how did you respond?

      Are We Really Ready to Run Discovery?

      • If our discovery tool was run tomorrow, what single technical constraint would most likely prevent it from completing successfully? Options: Network segmentation blocks agents, Credentials unavailable, High data sensitivity/classification, Maintenance window conflicts, Agent install policy forbids external tools
      • Which discovery approach do you prefer for your estate? Options: Lightweight agent install, Agentless network-based discovery, API-based inventory harvest, Hybrid (mix of above)
      • List the key systems, platforms, or silos that are often excluded from discovery or require special handling (e.g., mainframe, OT, SaaS, vendor-hosted).
      • Are there blackout windows, maintenance cycles, or business events that constrain when we can run discovery? Please provide typical days/times or blackout periods. Options: Night/weekend windows only, Business hours allowed, Monthly maintenance windows, Quarterly freezes, No constraints known
      • Do you have any data classification or privacy rules that would prevent us from collecting certain metadata or logs? If so, please describe.

      What Could Make a Pilot Fail Before It Starts?

      • What single assumption about your environment, if proven wrong during the pilot, would cause you to pause or stop the pilot? Options: Unexpected dependencies, Higher refactor effort, Unresolved compliance controls, Network constraints, Cost projections exceed budget
      • Do you have an existing rollback or backout playbook for migrations, and how often has it been exercised in the last 24 months? Options: Yes, exercised in last 12 months, Yes, but not recently, No formal playbook, Rollback handled case-by-case
      • What are your RTO and RPO expectations for pilot workloads and how strict are they? Options: RTO <1 hour / RPO <15 mins, RTO 1–4 hours / RPO 15–60 mins, RTO 4–24 hours / RPO 1–4 hours, Flexible
      • If a rollback is required, who must approve it and what information do they need to decide?
      • Describe a past rollback or failed cutover—what were the root causes and the recovery steps taken?

      Who Holds the Red Card?

      • Who is authorized to give the official 'go/no-go' for a pilot cutover and for subsequent waves? Options: Application Owner, Infrastructure Lead, Security Lead, Business Stakeholder, Program Manager, Other (name role)
      • What signoff artifacts do approvers expect before authorizing a migration wave (runbooks, test results, cost estimate, security checklist)? Options: Runbook and test results, Security and compliance checklist, Cost estimate and forecast, Rollback plan, Stakeholder approval email
      • How quickly do your approvers typically respond to signoff requests during a migration cadence? Options: Within hours, Same business day, 1–3 business days, Multiple days to a week
      • Who are the escalation contacts for unresolved issues, and what is their expected response time?
      • What would cause an approver to require additional evidence before signing off (examples: third-party validation, performance test results, security scans)?

      Show Me Your Security Guardrails

      • Which regulatory or compliance frameworks must the migration and deployed workloads adhere to? Options: PCI-DSS, HIPAA, SOX, GDPR, FedRAMP, NIST, ISO 27001, None/Other
      • Which security controls are mandatory to validate before we move any workload (examples: vulnerability scan, config benchmark, encryption at rest/in transit)? Options: Vulnerability scan, Configuration benchmark (CIS), Encryption at rest, Encryption in transit, Endpoint protection, Logging/forensics enabled
      • Are there any contractually required audit artifacts or evidence packages we must produce during or after migration? Options: Yes — list available artifacts, Yes — will be defined later, No contractual audit artifacts
      • Who manages key material and KMS/HSM access and what is the process to request temporary usage for the migration?
      • Have you defined acceptable vulnerability severity thresholds (e.g., block migration if critical vulnerabilities present)? If so, please describe. Options: Block on critical only, Block on critical/high, Block on any known exploitable

      If Something Breaks, Will Anyone Notice?

      • What monitoring and alerting systems will we rely on to detect issues during the pilot and waves? Options: Datadog/New Relic, CloudWatch/Cloud Monitoring, Prometheus/Grafana, Splunk/ELK, On-prem monitoring, Other (name)
      • What are the key operational metrics we must validate post-cutover to consider the migration successful (latency, error rate, throughput, cost per transaction)? Options: Latency, Error rate, Throughput, Resource utilization, Cloud cost per workload, Other (specify)
      • Where are your runbooks and run-time playbooks stored, and can we access them for onboarding? Options: Confluence/Wiki, Internal Git repo, ITSM system, Not documented, Other
      • Who is on-call during cutover windows and what is the expected on-call response time for critical alerts? Options: Operations team — <15 mins, Operations team — <1 hour, Application owner, Hybrid/rotating on-call
      • Describe a time when monitoring caught a migration-related issue early—what alerted you and how was it resolved?

      What Would Zero-Surprise Pre-Deployment Look Like?

      • Imagine we have zero surprises on go-day—what three things had to be true the week before to make that happen?
      • Which measurable readiness gates should we use to automatically green-light a wave (select all that apply)? Options: Credentials verified, Discovery complete and dependency map validated, Security scans passed, Rollback tested, Network connectivity confirmed, Stakeholder signoffs present
      • What risk threshold would you accept to proceed without resolving a non-critical item (e.g., accept with mitigation, delay wave)? Options: Proceed with mitigation, Delay wave until resolved, Escalate to executive decision
      • If you could guarantee one thing about the pilot outcome, what would it be and why?

      Next Steps: Who Does What, When?

      • What is the ideal date by which you can provide full access and necessary approvals so we can start discovery? Options: Within 1 week, 1–2 weeks, 2–4 weeks, More than a month, Unsure
      • Which communication channel keeps your stakeholders most comfortable during execution (email, Slack/MS Teams, weekly sync, escalation-only)? Options: Email, Slack/Teams, Daily standup, Weekly governance, Ticketing system only
      • Who should receive daily readiness updates during pilot execution, and who is optional? Options: All named approvers, Program manager + app owners, Security lead + infra lead, Executive sponsor only
      • What remaining blockers would stop you from committing to the pilot dates right now?
      • Which artifacts can you provide immediately to accelerate readiness (access lists, network diagrams, runbooks, inventory), and which will require time to assemble? Options: Access lists, Network diagrams, Runbooks, Application inventory, Security policies, None currently available
    2. Migration Wave Execution

      Schedule and run pilot and subsequent waves with migration-factory cadence, cutover windows, and daily checkpoints.

    3. Validation Checklist

      Verify connectivity, performance, security/compliance, and cloud cost baselines; document results and authorize next waves.

      Validation Questions

      Quick Check-In: Who's In the Room?

      • Who will be our primary contact for validation checks and final approvals for this wave? Options: CIO/CTO, Cloud Program Director, VP Infrastructure, IT Operations Manager, Security Lead, Business Unit Owner, Other
      • Which hard deadline or milestone are we validating this wave against (pick the closest)? Options: Data center lease expiry, Vendor end-of-life, Board/strategic deadline, Internal migration milestone, Other
      • List any blackout windows, business events, or maintenance freezes in the next 30–90 days that will constrain cutover timing.
      • Which stakeholder groups must sign off before the next wave can start? Options: App Owners, Network/Connectivity, Security/Compliance, Finance/FinOps, Business Leaders, Platform/Cloud Ops, Other
      • How would you describe leadership’s current confidence in moving from validation to authorization for this wave? Options: Very confident, Somewhat confident, Neutral, Not confident

      What if Connectivity Fails at Cutover?

      • If network connectivity hiccups during cutover, which single business capability would be most critically impacted? Options: Customer transactions, Internal financial systems, Order processing, Payroll/HR, Production monitoring, Other
      • Which applications in this wave have dependencies on on-prem systems that cannot tolerate more than 5 minutes of outage? Please name them.
      • How complete is our documentation for IPs, routing, VPN/ExpressRoute, and peering configurations for the workloads in scope? Options: Complete and validated, Mostly documented (gaps), Partial documentation, No network documentation
      • Have we executed end-to-end connectivity tests (from users and external partners to cloud workloads) under both typical and peak loads? Options: Yes — multiple successful runs, Yes — one run, Planned but not executed, No
      • Please paste or summarize the most recent connectivity test results and the timestamp of that test.
      • Who is the designated on-call owner for immediate network troubleshooting during cutover (role/name)? Options: Network Lead, Cloud Ops Engineer, Platform SRE, Third-party Network Vendor, Other

      Are We Measuring What Matters?

      • Are our performance targets realistic, or are we at risk of declaring 'success' on metrics that don't reflect real user experience? Options: Targets are realistic and validated, Targets optimistic but achievable, Targets need review, Unknown
      • List the top 3 SLA or observable metrics that define success for this wave (for example: p95 latency, error rate, transactions/sec).
      • Do we have on-prem baselines for those metrics and the monitoring queries/dashboards prepared to compare pre- and post-migration? Options: Baselines + dashboards ready, Baselines ready; dashboards pending, Monitoring ready; baselines missing, Neither available
      • Have we performed capacity or load testing in the landing zone for the pilot workload? If yes, what was the outcome? Options: Yes — passed within thresholds, Yes — issues found and documented, Planned but not executed, No
      • What specific acceptance thresholds will trigger an automated rollback versus a continued remediation path?
      • Would synthetic transactions, real-user monitoring (RUM), or both be required to demonstrate parity for authorization? Options: Synthetic only, RUM only, Both synthetic and RUM, Neither required

      Are We Missing Security Alarms?

      • If the first critical security alert arrives after cutover, what single omission would we most regret not addressing beforehand?
      • Has a cloud security gap assessment for this landing zone and these workloads been completed and signed off? Options: Complete and remediated, Complete — remediation plan exists, Assessment done — no plan, Not performed
      • Which regulatory or compliance frameworks apply to these workloads (select all that apply)? Options: PCI-DSS, HIPAA, SOC2, GDPR, FedRAMP/DoD, Internal/Industry-specific, None/Other
      • Are IAM roles, least-privilege policies, and secret management for migration and post-migration accounts validated? Options: Fully validated, Partially validated, Planned, Not validated
      • Have we run vulnerability scans and DAST/SAST against the pilot workload and resolved all high/critical findings? Options: All high/critical resolved, Some high/critical remain, Scans run — results pending, Scans not run
      • Who formally signs security acceptance (role/title) and what evidence will they require to sign off?

      Can We Trust the Cost Numbers?

      • If cloud bills arrive 30% higher than projected in month one, what immediate action would leadership take? Options: Pause next waves, Increase budget, Enforce optimization sprint, Escalate to board, Other
      • Do we have a verified cost baseline comparing current data center spend to projected cloud spend for the workloads in this wave? Options: Verified by Finance/FinOps, Draft — needs validation, No baseline available
      • Which cost components worry you most for this migration? (select all that apply) Options: Egress bandwidth, Storage capacity/IOPS, Over-provisioned compute, License migration/bring-your-own-license, Support/third-party services, Unexpected data transfer costs, Other
      • Has FinOps validated and approved the tagging strategy, cost allocation, and forecast model for this wave? Options: Approved and implemented, Approved — not implemented, Under review, Not engaged
      • Would temporary guardrails (budget alerts, auto-scaling limits, spend caps) be acceptable to proceed while we monitor costs? Options: Yes — mandatory, Yes — conditional, No
      • What threshold of cost variance would require a pause and re-evaluation? Options: >10%, >20%, >30%, Depends on component

      Who Will Take Responsibility If Things Go Wrong?

      • Who will be accountable in the first 24 hours of a failed cutover—who is the single point of accountability? Options: Program Manager, Cloud Ops Lead, SRE Lead, Business Unit Head, Third-party Provider, Other
      • Please confirm or paste the RACI summary for migration day (who is Responsible, Accountable, Consulted, Informed).
      • Who is authorized to approve an immediate rollback and what exact conditions must be met for that approval? Options: Program Manager, Cloud Ops Lead, Security Lead, Business Sponsor, Other
      • Are escalation paths, 24/7 contact details, and vendor support contracts in place and tested for incidents during cutover? Options: Established and tested, Established not tested, Planned, Not in place
      • Are runbooks, playbooks, and on-call rosters accessible to all responders and ownership confirmed? Options: Yes — all accessible, Some gaps in access, No — not accessible
      • What is the expected internal communication cadence and audience for incident updates during the first 24 hours? Options: Every 15 minutes, Every 30 minutes, Hourly, Ad hoc as needed

      How Will We Capture and Share What We Find?

      • If validation uncovers hidden dependencies or config drift, where will we record and track those items so they’re resolved before the next wave? Options: Customer CMDB, Migration platform/ticketing, ServiceNow/Jira, Shared drive, Other
      • Do we have templates for validation evidence (metrics exports, packet captures, screenshots) and a post-validation report? Options: Templates ready and agreed, Templates exist — need minor edits, No templates
      • Who will own creation and distribution of the post-validation report and the remediation backlog? Options: Migration PM, Cloud Architect, Platform Ops, Security Manager, Business Owner, Other
      • How quickly must issues discovered in validation be logged and assigned in the tracking tool? Options: Within 1 hour, Within 4 hours, Within 24 hours, By next business day
      • Would automating evidence collection (scripts to collect logs/metrics) materially reduce manual effort and increase accuracy? Options: Definitely, Possibly, Not necessary

      Green Light or Pause: Making the Call

      • What exact, non-negotiable criteria across connectivity, performance, security, and cost must be met to authorize the next wave?
      • Who is the formal authorizer for proceeding to the next wave (role/title) and how will they sign off? Options: Program Sponsor, CIO/CTO, Cloud Program Director, Finance/FinOps Lead, Security Lead, Other
      • Is a mandatory post-validation review meeting required before authorization (and who must attend)? Options: Yes — required, Optional but recommended, No
      • If remediation is required, what is the maximum acceptable delay before reattempting validation? Options: <1 week, 1–2 weeks, 3–4 weeks, Depends on severity
      • If criteria are met, would you prefer a cautious partial rollout or a full wave cutover? Options: Partial rollout (canary), Full wave cutover, Hybrid approach, Undecided

      What's Still Keeping You Up at Night?

      • If you woke up tomorrow and this wave had failed, what single omission or assumption would you blame most?
      • Please rank your top three remaining concerns for this wave. Options: Connectivity/interdependencies, Performance/SLA shortfalls, Security/compliance gaps, Unexpected costs, Rollback complexity, Lack of ownership
      • What immediate support from our team would reduce your risk perception the most (select all that apply)? Options: Extra end-to-end testing, Dedicated SRE during cutover, Temporary cost guardrails, Extended monitoring/dashboards, Executive updates, On-site/war-room support
      • After this validation completes, how confident are you that you can authorize subsequent waves? Options: Very confident, Somewhat confident, Unsure — need remediation, Not confident
      • Any final notes, constraints, or success signals you want included in the handover packet?
  6. Success

    Review outcomes against success signals, capture lessons learned, and maintain a shared channel for issues and continuous optimization.

    Success Reviews

    • Success Review — Outcomes vs Success Signals
    • Lessons Learned & Continuous Improvement Workshop
    • Cost & Performance Optimization Review
    • Operational Handover & Shared Channel Setup
    • Executive Review & Strategic Next Wave Planning

    Issues & Enhancements

    • Agree on escalation paths, SLAs, and the operational cadence for continuous improvement.
    • Capture repeatable practices and update runbooks/processes accordingly.
    • Create and publish the prioritized improvement backlog in the project tracker with owners and dates.
    • Update migration runbooks and playbooks to include agreed improvements.
    • Schedule follow-up checkpoint to validate completion of high-priority backlog items.
    • One-sentence Current Cost/Performance State
    • Establish accepted cost and performance baselines for the migrated environment.
    • Agree a prioritized optimization plan with owners and expected savings.
    • Define measurement criteria and schedule for validating realized savings and performance improvements.
    • Implement top-priority optimizations (e.g., rightsizing pilot, enable autoscaling policies) and report results after agreed window.
    • Enable and share cost/perf dashboards with stakeholders and set alert thresholds.
    • Prepare a short ROI summary for executive review showing realized vs projected savings.
    • One-sentence Current Operations State
    • Create and populate the shared channel with correct membership and governance rules.
    • Confirm runbooks, playbooks, and access are in the operations team's possession.
    • Welcome & Objectives
    • Create the shared channel, add members, and publish the channel charter and message taxonomy.
    • Deliver final runbook pack and verify ops team acknowledgement.
    • Schedule the recurring ops cadence meetings and invite required participants.
    • Secure executive acceptance of outcomes and signoff on closure or continuation.
    • Executive Summary (One-sentence Current & Future State)
    • Obtain budgetary and prioritization commitments for next waves or modernization investments.
    • Align executives on residual risks and required governance.
    • Publish a one-page executive brief summarizing outcomes, ROI, recommended next steps, and approval requests.
    • If approved, finalize budget allocation and confirm wave sequencing and sponsors.
    • If additional analysis requested, scope and assign responsible parties with delivery dates.
    • Confirm which success signals were met, partially met, or missed.
    • Secure customer acceptance for closure or an agreed remediation path with owners and timelines.
    • Produce a short list of prioritized remediation items if any signal failed.
    • Publish the Success Signals Report comparing targets vs measured results and circulate to stakeholders.
    • Create remediation tickets for any failed signals with owners and target dates.
    • Schedule follow-up validation checkpoint if remediation is required.
    • Pre-work Review & Framing
    • Produce a prioritized improvement backlog tied to specific root causes.
    • Assign owners and realistic timelines for each improvement item.
    • Migration Timeline & Event Walkthrough
    • Baseline Metrics Presentation
    • One-sentence Current State
    • Runbook & Playbook Handover
    • KPI & ROI Highlights
    • Shared Channel Protocol
    • Consequence Quantification
    • Root Causes for Cost Variance
    • Structured Root Cause Analysis
    • Risk & Compliance Posture
    • Success Signals Walkthrough
    • Recommended Next-wave Priorities
    • Optimization Opportunities & Proofs
    • Wins, Workflows to Preserve
    • Escalation Paths & RTO/RPO
    • Ongoing Cadence & Checkpoints
    • Prioritized Improvement Backlog
    • Decision & Commitments
    • Prioritized Optimization Roadmap
    • Evidence & Proof Points
    • Validation & Commitment
    • Measurement & Validation Plan
    • Knowledge Transfer & Access Completion
    • Customer Validation & Acceptance
    • Decision & Next Steps
First-Party AI

1-2 minutes please — Your AI agent is working

First-Party AI™ can make mistakes. Always check important information.