.png)
Azure Cloud selected and next action
- Anand Nerurkar
- Aug 29
- 4 min read
Here’s a structured step-by-step approach you can take:
🔹 Step 1: Define Business Objectives & Success Criteria
Understand why migration: cost reduction, scalability, resilience, modernization, regulatory compliance.
Define KPIs: availability (e.g., 99.99%), latency reduction, TCO reduction, compliance adherence.
Identify critical workloads: core banking, lending, payments, data analytics.
🔹 Step 2: Assess Current Landscape (AS-IS)
Application portfolio: monoliths, microservices, 3rd-party systems.
Infra: on-prem DC setup, VMs, databases, network topology.
Data: structured (RDBMS), unstructured, big data.
Security & compliance posture (GDPR, RBI, PCI-DSS, SOX).
Dependencies (batch jobs, integrations, ESB, messaging).
👉 Deliverable: Application Assessment Matrix (Cloud readiness, Complexity, Criticality).
🔹 Step 3: Define Target State (TO-BE)
Cloud landing zone on Azure (subscription model, resource groups, policies).
Cloud architecture principles: microservices, containerization (AKS), event-driven, API-first.
Security: Azure AD, RBAC, Key Vault, Defender for Cloud.
Networking: VNET, NSG, WAF, Azure Firewall, ExpressRoute.
Data: Azure SQL MI, CosmosDB, PostgreSQL Hyperscale, Data Lake.
Resiliency: Active-active (South India ↔ Central India), Azure Traffic Manager/Front Door.
👉 Deliverable: High-Level Target Architecture Blueprint.
🔹 Step 4: Migration Strategy
Choose between:
Rehost (Lift & Shift) → For quick migration (VMs → Azure VMs).
Refactor → Move apps to Azure PaaS (App Service, AKS).
Rearchitect → Break monoliths into microservices.
Rebuild → Greenfield, cloud-native.
👉 Usually, digital lending platforms need mix of rehost + refactor + rearchitect.
🔹 Step 5: Data Migration & Compliance
Ensure data residency rules → India data stays in India, US data stays in US.
Azure Database Migration Service for live DB migration.
Data masking, encryption at rest (TDE), in transit (TLS).
Implement RPO/RTO objectives.
🔹 Step 6: DevSecOps & Automation
Azure DevOps pipelines (CI/CD).
Infrastructure as Code (Terraform/Bicep).
Automated compliance checks (Azure Policy).
Automated security scans (SonarQube, OWASP ZAP).
🔹 Step 7: Risk Identification & Mitigation
Business: downtime risk → Mitigate via phased migration + rollback plan.
Technology: app refactoring complexity → Mitigate via PoCs.
Security: regulatory fines → Mitigate via Azure Policy, Encryption.
Operations: skill gaps → Mitigate via cloud training.
People: resistance → Change management program.
🔹 Step 8: Pilot & Phased Migration
Start with non-critical workloads (HR apps, CRM).
Validate cloud readiness, latency, cost.
Expand to core lending workloads.
🔹 Step 9: Monitoring & Optimization
Azure Monitor, Log Analytics, Application Insights.
Cost optimization via Azure Advisor.
Continuous performance benchmarking.
✅ Final Deliverables as EA
Cloud Strategy Document
Migration Roadmap & Phasing
Target State Architecture (Azure)
Risk Register with Mitigation
Governance & Compliance Framework
TCO/ROI Analysis
Azure Migration Steps (Enterprise Architect View)
1. Business Alignment & Vision
Meet with business stakeholders to understand drivers:
Cost reduction, scalability, agility, compliance, innovation.
Define business outcomes & KPIs:
Uptime %, transaction latency, regulatory compliance, customer experience, TCO savings.
Establish migration strategy (Rehost, Refactor, Rearchitect, Rebuild, Replace).
2. Current State Assessment
Application Landscape
Inventory all applications, dependencies, DBs, integration points.
Infrastructure & Workloads
On-prem servers, VMs, storage, networking.
Data Landscape
DB size, performance, compliance restrictions (GDPR, RBI, SOX).
Security & Compliance
Identity, RBAC, data residency, encryption.
Use tools: Azure Migrate, Azure Discovery & Assessment.
3. Future State Target Architecture
Landing Zone Design (Azure CAF aligned):
Subscription strategy, resource groups, management groups.
Hub-Spoke VNet, Firewall, NSGs, ExpressRoute/VPN.
Microservices & Containerization:
Use Azure Kubernetes Service (AKS) for modern apps.
Data Layer:
Choose between Azure SQL, Cosmos DB, PostgreSQL, Data Lake.
Integration:
Use Azure Service Bus / Event Hub / Kafka.
Security & Compliance:
Azure AD, Conditional Access, Defender for Cloud.
Resiliency & DR:
Multi-region active-active or active-passive setup.
4. Migration Planning
Prioritize workloads:
Tier 1 (business critical), Tier 2 (supporting), Tier 3 (archival).
Migration Waves:
Pilot → Non-critical apps → Critical apps.
Data Migration:
Azure Database Migration Service, Storage Migration.
Automation:
Terraform/Bicep/ARM templates for infra as code.
5. Execution & Transition
Lift & Shift (Rehost) for quick wins.
Refactor: Move middleware-heavy apps to containers (AKS).
Rearchitect: Break monolith into microservices (DDD applied).
Rebuild/Replace: Adopt SaaS (e.g., Azure AI, Dynamics 365).
6. Operations & Governance
Monitoring & Observability:
Azure Monitor, App Insights, Log Analytics.
Cost Governance:
Azure Cost Management + FinOps.
Security Governance:
Policy-based controls, RBAC, Zero Trust.
Automation:
CI/CD via Azure DevOps or GitHub Actions.
7. Continuous Optimization
Performance Tuning (cache, CDN, scaling policies).
Resiliency Testing (chaos engineering).
Compliance Audits (GDPR, RBI, SOX).
AI/ML Integration for intelligent decision-making.
✅ Deliverables from EA:
Migration Roadmap (6–12–24 months).
Target State Architecture (Azure).
Business Case (cost, ROI).
Risk Register + Mitigation Plan.
Governance Framework (Cloud Adoption Framework).
1. Business KPIs
Cost Reduction % – Infra cost pre vs post migration (on-prem TCO vs Azure consumption).
Time-to-Market – Deployment cycle time reduction after Azure adoption.
Customer Experience – Page load times, app response times, downtime impact.
Revenue Impact – Increase in digital channel adoption / loan disbursement speed.
Service Availability – % uptime (measured against SLA, e.g., 99.99%).
2. Technology KPIs
Application Performance – Avg response time, API latency.
Scalability – # of transactions per second supported under load.
Cloud Utilization Efficiency – % of over-provisioned vs right-sized workloads.
Defect Density – Production defects pre vs post migration.
CI/CD Velocity – Build, test, release frequency vs baseline.
3. Security & Compliance KPIs
# of Security Incidents – Unauthorized access attempts, breaches.
Vulnerability Patching SLA – % patched within defined SLA.
Compliance Adherence – GDPR, RBI, PCI DSS audit pass rate.
Identity & Access Management – MFA adoption rate, least-privilege enforcement %.
Data Residency Compliance – % workloads aligned with regional regulations (India data stays in India, etc.).
4. Operations KPIs
MTTR (Mean Time to Recovery) – How quickly workloads recover from failure.
MTTD (Mean Time to Detect) – Time taken to detect issues.
Incident Volume – # of Sev 1/Sev 2 incidents/month.
Automation Coverage – % infra provisioned through IaC (Terraform, Bicep, ARM).
Change Failure Rate – % of failed releases in pipeline.
5. People & Process KPIs
Cloud Skills Uplift – % of workforce certified/trained in Azure.
Adoption Rate – # of business units actively consuming Azure services.
DevOps Adoption – % of projects using CI/CD pipelines.
Team Productivity – Story points delivered per sprint post-migration.
Collaboration Metrics – # of cross-team initiatives delivered successfully.
Comments