10 Legacy Cloud Considerations
Working with clients over the past twelve years, I’ve seen cloud services evolve more quickly than knowledge about how best to use them. To that end, my recent contracts have involved more and more modernization work of legacy cloud applications. We discover common opportunities for improvement across many of these applications.
Discover the current state in appropriate detail via patterned inquiry.
Answers to a standard set of questions allow us to assess, prioritize and determine how to update legacy cloud applications effectively. To that end, I’ll share our top 10 considerations (as groups of questions) in this article.
First: Practices
Who is your dev team? — who has what access to your cloud projects?
Where is the Dev project? Where is Prod? Do you ‘dev-in-prod’?
How do you make infra changes — by clicking in the console?
Where is your application source code?
Do you have any infra scripts? — are they checked in to source control?
Have you had any unplanned downtime? — when? how long?
Do you have key user stories?
Second: Data
Where is your data? In buckets? SQL, NoSQL?
Which data has PII?
Is data stored in appropriate data center locations per compliance requirements?
Where are your data backups stored? — when did you last test restoring?
Do you have a DFD?
Third: Permissions
Are your IAM permissions assigned globally (project level) or by object?
Are any buckets public? Are any database endpoints public?
Does your provider warn about ‘excess permissions’ assigned?
Fourth: Compute
Are you using VMs? or Docker container images?
If VMs, are they right-sized for the workloads?
Do you have images (backups) of those VMs? — are they load-balanced?
If containers, who manages the orchestration? — vendor or you?
Fifth: Networks
Do you have a front-end & a back-end (protected) VPC? — what is where?
Are VPC flow logs enabled and reviewed?
Does your provider warn about ‘excess/open’ firewall rules?
What is the status of your SSL certificate?
Sixth: Secrets
Where are your service account keys (JSON) files stored?
Are any secrets hard-coded (and checked in)?
Are any database connection strings (passwords) hard-coded?
What type of encryption keys are you using?
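The first three questions in this group can be answered by scanning the checked-in source tree. The sketch below is an added example, not code from the article or from any tool its author uses. It assumes service account key files follow the Google Cloud JSON layout (a `type` of `service_account` plus a `private_key` field), the patterns are simple heuristics, and all function names and sample files are hypothetical.

```python
import json
import re

# scheme://user:password@host, e.g. a database URL with the password inline
CONN_URI = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@'\"]+:([^\s@'\"]+)@", re.I)
# name = "literal" where the name suggests a credential
ASSIGN = re.compile(
    r"\b\w*(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"]([^'\"]{4,})['\"]", re.I)

def is_service_account_key(text):
    """True for a JSON key file (assumed layout: type=service_account plus private_key)."""
    try:
        doc = json.loads(text)
    except ValueError:
        return False
    return isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc

def is_placeholder(value):
    """Values such as ${DB_PASS} or <password> are references, not secrets."""
    return value[:1] in "$<{%"

def scan_text(name, text):
    """Return (file, line, finding) tuples; line 0 means the whole file."""
    if is_service_account_key(text):
        return [(name, 0, "service-account-key-file")]
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, label in ((CONN_URI, "connection-string-password"),
                               (ASSIGN, "hard-coded-secret")):
            match = pattern.search(line)
            if match and not is_placeholder(match.group(1)):
                findings.append((name, lineno, label))
                break
    return findings

# Constructed sample files (not from the article); every value is fake.
SAMPLE = {
    "deploy/sa-key.json": '{"type": "service_account", "private_key": "CONSTRUCTED"}',
    "app/settings.py": 'DB_URL = "postgres://app:constructed-pw@10.0.0.5:5432/orders"\n'
                       'API_KEY = "constructed-example-value"\n'
                       'PASSWORD = os.environ["DB_PASSWORD"]\n',
    "app/settings.tmpl": 'DB_URL = "postgres://app:${DB_PASS}@db/orders"\n',
}

def scan_sample():
    return [f for name in sorted(SAMPLE) for f in scan_text(name, SAMPLE[name])]

if __name__ == "__main__":
    print(*scan_sample(), sep="\n")
```

The environment lookup and the templated `${DB_PASS}` URL are deliberately not reported, since neither stores the secret in the repository.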
Seventh: Tests
Does your application code include unit tests?
Are these tests run before pushing updates?
Are any tests commented out?
How is integration testing done? — manually or not at all?
Do any application errors exist currently?
Eighth: Updates
How often do you successfully push out new features?
If using VMs, do you push new VMs with new code? — or update the code on the VMs?
How does data get into your system?
Ninth: Costs
Who manages billing?
What is the budget for spend and are you on target?
What kind of support plan have you purchased?
Tenth: Learning
How does your technical team learn to cloud?
Is your team certified?
Do you have dedicated, regular learning time? When?
My teams start the process of modernizing non-optimal cloud applications by taking the time to do detailed and systematic inquiry using question sets similar to what I’ve shared above. Our inquiry drives system update velocity because it reveals current state weaknesses. We use the results to create our prioritized work streams and to communicate with stakeholders and technical teams.
What about you? What is your process for deciding how to update legacy cloud apps?