Category: checklists

  • Migration checklist

    Migration checklist

    Basic information

    • System or platform name
      • What are the internal names, project names, jargon, nicknames, pet names for the platform(s) and environment(s)?
    • What environments are there?
      • Classic DTAP or another model?
    • Business purpose of the platform (what does it do for the company?)
    • Owner / single point of contact for the platform
      • If there is no single point of contact, contacts for each environment or separated responsibility within the platform
        • Software deployment lifecycle (SDLC)
        • Infrastructure
        • Datacenter team
        • Crisis management
        • Information security
        • Architecture
    • Who uses it (per environment) ?
      • Internal users (+estimated number)
      • External users (+estimated number)
    • If non-standard DTAP
      • Criticality level per environment

    People & Processes

    • How do users interact with the system daily?
    • Which business processes rely on this system?
    • Any undocumented tribal knowledge?
    • Any user groups at risk during migration?

    Risks & Constraints

    • What absolutely cannot go down during migration?
    • Any critical dates (e.g. billing cycles, audits)?
    • Sensitive data or legal/compliance constraints?
    • Outstanding incidents, bugs, or known issues?

    Architecture

    • Monolith, microservices or hybrid?
      • Schema’s, flowcharts, graphics, data flow diagrams?
    • On-prem, cloud or hybrid?
    • Running on VM’s, bare metal or containers?
    • OS details (types, versions?)
    • Languages / frameworks used in application(s)?
    • Is there a CI/CD pipeline? How is code deployed?

    Network & Infrastructure

    • Existing network diagrams
      • If nonexistent, sketch one
    • Inbound
      • Ports
      • Protocols
      • Load balancers
    • Outbound
      • APIs
      • Third party services
    • Firewalls, NAT, proxies?
    • DNS structure / domain naming?
      • Internal
      • External

    Data & Storage (state)

    • Databases
      • Type(s)
      • Version(s)
      • Size(s)
    • Where is the data physically stored?
      • Does this location matter for the company?
    • Any data that _must_ not move (e.g. compliance?)
    • Existing backups? Last tested when?
    • Any shared filesystems, blob/object storage?

    Application landscape

    • Which applications are running?
      • Don’t forget cronjobs / systemd timers
      • Don’t forget custom scripts
    • What depends on what?
      • Dependency graph from app. perspective
        • Sketch one if it’s not there
    • Any blackbox components?
      • Closed source
      • Undocumented
      • Unknown-operation application/code?
    • Upcoming (or passed) or EOL components?

    Security & Access

    • What authentication methods are used?
      • Local
      • LDAP
      • SSO
      • OAuth?
    • User roles / access control model?
      • Is there a matrix table for it?
      • If not – make it or have it made
    • How are secrets handled?
      • Hardcoded
      • Ansible vault
      • env files
      • etc.
    • Network segmentation
    • Firewall rules
    • Last security audit?
      • Any open issues?

    Monitoring & Logging

    • What logs exist?
    • Where are they stored?
    • What is their (mandatory) retention?
    • Is monitoring in place?
      • Prometheus, Zabbix..
    • Are there alerts?
      • Who gets them?
    • Any trends in resource usage?

    External Dependencies

    • Are there integrations with third-party API’s or services?
    • API keys or tokens in use?
    • Any licenses, usage limits or contracts?

    Ready for Migration Planning

    • Is the environment fully mapped?
    • Can parts of the system be moved independently?
    • What goes first? What can wait?
    • What needs testing before production cutover?