Module 02
Plan migration activities, establish landing zones, discover applications, and select the right migration strategy for each workload.
The Mobilize phase bridges assessment and execution. At this stage, no workloads have moved yet — the focus is on strategic planning, closing gaps identified during assessment, building cloud skills, and preparing the target environment.
| Component | Focus Area |
|---|---|
| Portfolio Discovery | Collect and rationalize application portfolio data |
| Business Case | Build comprehensive cost justification with detailed projections |
| Migration Governance | Establish decision frameworks and approval processes |
| Application Migration Planning | Define per-application migration approach |
| Landing Zone | Set up the initial AWS baseline environment |
| Operations | Design the cloud operational model |
| Security & Compliance | Address security, risk, and regulatory requirements |
| People & Skills | Develop cloud skills and manage organizational change |
For AnyCompany Bank, the Security & Compliance component is particularly critical. Financial regulators require documented evidence of governance frameworks, data classification, and access controls before any production workloads can move to cloud infrastructure.
A landing zone is the foundational AWS environment into which workloads will be migrated. It establishes the multi-account structure, networking, identity management, and governance controls that all migrated workloads will inherit.
Manually create and configure your multi-account baseline. You define the organizational unit (OU) hierarchy, apply service control policies (SCPs), tagging policies, and backup policies at the appropriate levels. This approach offers maximum flexibility but requires more expertise.
A managed service that orchestrates multiple AWS services to automate the setup of a governed multi-account environment. It integrates Organizations, IAM Identity Center, and Service Catalog into a streamlined experience.
AnyCompany Bank requires strict account separation between production banking systems, development environments, and regulatory reporting workloads. Control Tower's guardrails help enforce compliance boundaries — for example, preventing production data from being accessed in development accounts, or ensuring encryption is always enabled on storage resources.
AWS Application Discovery Service helps plan migrations by automatically identifying servers, applications, and their dependencies running in on-premises data centers. The collected data feeds into Migration Hub for portfolio analysis.
Deploy the Agentless Collector as an OVA file through VMware vCenter. Once configured, it identifies virtual machines and hosts associated with vCenter, collecting VM inventory, configuration details, and performance metrics. Data is encrypted in transit to AWS.
VMware environments where you need a quick inventory without installing software on individual servers.
Install the Discovery Agent on each VM and physical server. Available for both Windows and Linux, the agent collects detailed static configuration data, time-series performance information, network connections, and running processes.
Environments requiring deep dependency mapping and process-level visibility, including physical servers not managed by VMware.
| Feature | Agentless Collector | Discovery Agent |
|---|---|---|
| VMware VM support | ✓ | ✓ |
| Physical server support | ✗ | ✓ |
| Deployment model | Per vCenter | Per server |
| Static configuration | ✓ | ✓ |
| VM usage metrics | ✓ | ✗ |
| Network connections & processes | ✗ | ✓ (export) |
AnyCompany Bank's security team may have concerns about deploying agents on production banking servers. The agentless approach via vCenter is often preferred for initial discovery of production environments, while agent-based discovery can be used in development and staging environments where deeper dependency mapping is needed.
Every application in your portfolio needs a migration strategy. The 7 Rs framework provides a structured way to decide how each workload should be handled — from simple lift-and-shift to complete re-architecture.
| Strategy | Also Known As | Description |
|---|---|---|
| Relocate | — | Move hundreds of applications rapidly using VMware Cloud on AWS without modifications |
| Rehost | Lift & Shift | Move applications as-is to AWS; often represents the majority of initial migrations |
| Replatform | Lift & Reshape | Make targeted optimizations (e.g., move to managed services) without changing core architecture |
| Repurchase | Drop & Shop | Replace with a SaaS equivalent (e.g., CRM to Salesforce, HR to Workday) |
| Refactor | Re-architect | Completely redesign using cloud-native patterns for maximum benefit |
| Retire | Decommission | Turn off applications no longer needed — typically 10–20% of any portfolio |
| Retain | — | Keep on-premises for now — not every workload is ready or suitable for migration |
| Strategy | Effort (Cost & Time) | Optimization Opportunity |
|---|---|---|
| Retain | None | None |
| Retire | Minimal | None |
| Rehost | Low | Low |
| Relocate | Moderate | Moderate |
| Replatform | Moderate | High |
| Repurchase | Moderate | Medium-High |
| Refactor | Highest | Highest |
Many organizations start with rehost to get workloads into the cloud quickly, then progressively modernize once they're running on AWS. It's often easier to optimize applications after they're already in the cloud environment.
AnyCompany Bank's core banking platform might follow a phased approach: rehost the monolithic application first to meet data center exit timelines, then replatform the database layer to Aurora, and eventually refactor payment processing into microservices. Regulatory reporting systems that are being replaced by new platforms would be candidates for retire.
Migration Hub serves as the central command center for your entire migration program. It integrates discovery tools, planning capabilities, strategy recommendations, and progress tracking into a single interface.
Migration Hub can ingest data from multiple sources to build a comprehensive view of your portfolio:
Orchestrator automates and scales migrations using workflow templates. It synchronizes multiple tasks, manages dependencies, and provides end-to-end visibility from planning through cutover — all at no additional cost beyond the AWS resources provisioned.
This capability analyzes your server inventory, runtime environment, and optionally source code and database schemas to recommend viable transformation paths. It helps determine which applications are good candidates for rehosting versus those that would benefit from replatforming or refactoring.
For AnyCompany Bank managing hundreds of applications across multiple business lines (payments, lending, wealth management), Migration Hub provides the portfolio-level visibility needed to coordinate migration waves without disrupting interconnected banking services.