In This Article
- Why Assessment Before Migration Is Non-Negotiable
- Application Discovery: Finding What You Actually Have
- The 8-Dimension Scoring Framework
- Technical Assessment: Architecture, Dependencies, and Debt
- Business Assessment: Value, Cost, and Strategic Fit
- Score-to-Strategy Mapping: Which R for Each Application
- Dependency Mapping: Migration Groups, Not Individual Apps
- Assessment Deliverables: The Migration-Ready Portfolio
- Go Deeper
Why Assessment Before Migration Is Non-Negotiable
A financial services company starts migrating without a portfolio assessment. The infrastructure team picks applications based on perceived simplicity — "this one looks easy." Application #3 turns out to depend on a shared database that 12 other applications also use. Migrating it requires migrating the database, which means migrating the 12 dependent applications simultaneously — or building a complex hybrid connectivity layer. What was "easy" becomes a 6-month cross-team initiative that delays the entire migration program. Application #7 is migrated to a cloud VM, but post-migration performance testing reveals it requires GPU compute that costs 4x the budget. Application #15 is migrated, and then someone discovers it processes HIPAA-regulated data that has data residency requirements the target Azure region doesn't meet.
Every one of these surprises was discoverable in a 3-week assessment. The assessment costs 3% of the total migration budget. Skipping it produces surprises that cost 30-50% of the budget in rework, delays, and redesign. Assessment isn't optional — it's the highest-ROI phase of the entire migration program.
Application Discovery: Finding What You Actually Have
Most enterprises don't have an accurate application inventory. The CMDB says 250 applications. The actual count — including shadow IT, departmental tools, legacy systems nobody documented, and the 15 spreadsheet-based "applications" that Finance depends on — is 350+. Discovery closes this gap before scoring begins.
Automated Discovery
Azure Migrate Discovery: Deploys an appliance in your datacenter that scans VMware/Hyper-V environments, discovering: VMs and their resource utilization (CPU, memory, disk, network), installed applications and dependencies, database instances and versions, and performance data over 30 days. The 30-day performance data is critical — it shows actual utilization (not provisioned capacity), revealing which VMs are over-provisioned and which hit capacity constraints.
Network dependency mapping: Captures network connections between servers — which servers communicate with which, on which ports, at what frequency. This reveals application dependencies that no documentation captures: the web server that calls 3 backend APIs, the batch job that reads from 2 databases and writes to a shared file server, and the legacy system that communicates via FTP with 5 partners. Without dependency mapping, migrating one application unknowingly breaks 3 others.
Manual Discovery Supplement
Automated discovery captures infrastructure. Manual discovery captures business context: who owns this application? How many users? What business process does it support? What's the impact if it's unavailable for 4 hours? Is there a SaaS replacement available? This context comes from application owners through structured questionnaires — 15 minutes per application, producing the business context that automated tools can't capture.
| Discovery Method | What It Captures | Duration | Coverage |
|---|---|---|---|
| Azure Migrate | VMs, resources, utilization, dependencies | 30-day scan | All virtualized workloads |
| Network analysis | Server-to-server communications, ports, frequency | 7-14 day capture | All network-connected systems |
| Owner questionnaire | Business context, users, impact, SaaS alternatives | 2-3 weeks | All known applications |
| CMDB reconciliation | Gap analysis between CMDB and discovered reality | 1 week | Identifies shadow IT and undocumented systems |
The 8-Dimension Scoring Framework
| Dimension | Weight | Score 1 (Low/Easy) | Score 5 (High/Complex) |
|---|---|---|---|
| 1. Business Value | 15% | Used by <10 people, could be retired | Revenue-generating, 500+ users, mission-critical |
| 2. Technical Debt | 15% | Modern stack, well-maintained, documented | Legacy stack, undocumented, single maintainer |
| 3. Cloud Readiness | 15% | Containerized, stateless, API-based | Mainframe, proprietary OS, hardware-dependent |
| 4. Dependencies | 10% | Standalone, no integrations | 20+ integrations, shared databases, circular deps |
| 5. Data Sensitivity | 10% | Public data, no compliance requirements | PII, HIPAA, PCI-DSS, data residency constraints |
| 6. Operational Cost | 10% | <$10K/year infrastructure + support | >$200K/year infrastructure + support |
| 7. Modernization Benefit | 15% | No benefit from cloud (batch job, static) | Massive benefit (auto-scale, global, DevOps) |
| 8. Migration Risk | 10% | Low risk — standard migration, clear rollback | High risk — complex cutover, no rollback path |
Technical Assessment: Architecture, Dependencies, and Debt
Architecture analysis: Is the application monolithic or modular? Monoliths migrate as units — you can't migrate half. Modular applications (microservices, SOA) can migrate component by component, reducing risk per migration step. Document: application layers (web, API, business logic, data), communication patterns (synchronous REST, asynchronous messaging, shared database), state management (stateless, sticky sessions, local file storage), and external dependencies (third-party APIs, license servers, hardware dongles).
Technical debt scoring: Applications with high technical debt are risky to migrate — the migration may surface bugs that were latent on-premises. Indicators: age of the technology stack (how many versions behind current?), test coverage (does automated testing exist?), documentation (can someone other than the original developer maintain it?), and deployment process (automated CI/CD or manual copy-paste?). High-debt applications need stabilization before migration — or a deliberate decision to refactor during migration.
Dependency mapping detail: For each application, document: upstream dependencies (what feeds data to this application?), downstream dependencies (what consumes this application's output?), shared resources (shared databases, file shares, message queues), and integration patterns (API calls, file transfers, direct database reads, message bus). Dependencies determine migration groups — applications that share a database migrate together, not independently.
The most common migration blocker isn't technical complexity — it's undiscovered dependencies. Application A seems simple. But it shares a database with Applications B, C, and D. Migrating A requires either migrating B/C/D simultaneously (scope explosion) or implementing hybrid database connectivity (latency and complexity). Dependency mapping discovers this before migration planning, not during migration execution. Invest 2 weeks in thorough dependency mapping — it prevents months of rework.
Business Assessment: Value, Cost, and Strategic Fit
The business assessment determines whether the application is worth migrating at all — and if so, how much investment is justified.
Business value quadrant: Plot each application on two axes: current business value (revenue impact, user count, process criticality) and future strategic importance (is this application part of the company's future or being replaced?). High-value + strategic = invest in proper migration (replatform or refactor). High-value + legacy = migrate efficiently (rehost) while planning replacement. Low-value + any = retire if possible, rehost cheaply if necessary.
Total cost of ownership analysis: For each application, calculate current TCO (infrastructure, licensing, support personnel, downtime cost) and projected cloud TCO (compute, storage, networking, managed services, support). The TCO comparison should include: right-sized cloud resources (not 1:1 mapping of on-prem specs), reserved instance pricing for steady-state workloads, and elimination of on-premises overhead (datacenter, hardware refresh, OS patching). Applications where cloud TCO exceeds on-prem TCO by more than 20% should be flagged for architecture review — there may be a more cost-effective cloud architecture, or the application may be a retain candidate.
Score-to-Strategy Mapping: Which R for Each Application
| Score Profile | Recommended Strategy | Rationale |
|---|---|---|
| Low value + low complexity + no modernization benefit | Retire or Rehost (cheaply) | Not worth investment; move as-is or decommission |
| High value + low complexity + moderate benefit | Replatform | Best ROI — managed services reduce ops, minimal rework |
| High value + high complexity + high benefit | Refactor | Strategic app benefits from cloud-native; justify the investment |
| Any value + SaaS available + commodity function | Repurchase | Why maintain what a vendor does better? |
| Any value + regulatory constraint blocking cloud | Retain | Keep on-prem; revisit when constraint changes |
| Low value + unused + no business owner | Retire | Nobody uses it; decommission and save the cost |
Dependency Mapping: Migration Groups, Not Individual Apps
Applications don't migrate individually — they migrate in dependency groups. A dependency group is a cluster of applications that share resources (databases, APIs, file stores) and must migrate together to avoid cross-environment communication complexity.
Group identification process: start with the dependency map from discovery, identify shared resources (each shared database creates a group), merge groups that share resources transitively (if A shares a DB with B, and B shares an API with C, then A/B/C are one group), and size each group (number of applications, total infrastructure, estimated migration effort). Small groups (2-3 apps) migrate in a single wave. Large groups (10+ apps) may need internal sequencing — migrate components in sub-waves with temporary hybrid connectivity.
Assessment Deliverables: The Migration-Ready Portfolio
The assessment produces four deliverables that drive all subsequent migration activity:
Scored Application Inventory
Every application scored across 8 dimensions with recommended 6R strategy, estimated effort, estimated cost, and assigned migration group. This is the master document that planning, execution, and governance reference throughout the migration program.
Dependency Map
Visual representation of application dependencies — which applications connect to which, through what interfaces, with what data flows. The dependency map determines migration group composition and wave sequencing.
Wave Plan
Migration waves sequenced by: dependency groups (linked apps migrate together), risk profile (low-risk first to build team capability), business impact (migrate during business-appropriate windows), and resource availability (team capacity per wave). Typically 4-6 waves over 6-12 months for a 200-app portfolio.
Business Case
TCO comparison (on-prem vs. cloud per application and in aggregate), migration investment estimate, projected annual savings, payback period, and risk summary. The business case is what secures budget and executive sponsorship for the migration program.
The Xylity Approach
We execute portfolio assessments in 3-4 weeks — automated discovery with Azure Migrate, dependency mapping with network analysis, owner questionnaires for business context, and 8-dimension scoring for every application. Our cloud architects and Azure engineers produce the scored inventory, dependency map, wave plan, and business case that transform a vague "migrate to cloud" directive into a structured, fundable program.
Go Deeper
Continue building your understanding with these related resources from our consulting practice.
Assess Before You Migrate
8-dimension scoring, dependency mapping, wave planning. The portfolio assessment that prevents the migration surprises that cost 30-50% of budget.
Start Your Portfolio Assessment →