Be data-driven and use discovery tooling to avoid disruptions

Being data-driven is critical when considering retiring applications. Architecture diagrams and institutional knowledge can easily be outdated or incomplete. Sometimes unanticipated problems can also surface, such as another application becoming dependent on your system without formal engagement due to a break-fix scenario.

A data-driven approach provides the foundation on which you can make decisions or validate an approach. When assessing if an application can be retired, you must confirm that the workloads you are migrating aren’t dependent on it. Migrating those workloads and then retiring a dependency could cause a service degradation, or worse, a service interruption.

Fortunately, it’s fairly straightforward to understand these dependencies by using data to monitor the network inbound and outbound connections on a server that is scheduled for retirement. Network inbound connections, such as an application connecting to your application, and outbound connections, such as a file upload to a Network File System (NFS) share, indicate a potential upstream dependency. This dependency needs to be investigated, because if a workload that's due to be migrated to the AWS Cloud connects to the application, there’s a potential for service disruption if the application is retired later on. This process might require diving deep to follow the dependency chain. Following the previous example, if the application uploads a file to an NFS share, the next step is to determine which system consumes that file and the status of that application.

You might decide to investigate those connections and assess the impact level. To do this, you can use discovery tooling to show the connections being initiated to a server that is scheduled for retirement. You might notice that most connections are from management servers and can be ignored, because they are tools that collect performance metrics or system administrator proxy instances. However, if there are applications connecting to the server that are scheduled for migration, you should dive deeper and check the potential impact of migration on that application.

AWS Application Discovery Service helps customers plan migration projects by gathering information about on-premises data centers that they are planning to retire. After you deploy the agent to your servers, Application Discovery Service records inbound and outbound network activity for each server, along with other information. By using Amazon Athena to analyze this data, you can identify if other applications are depending on servers that are planned for retirement. AWS Migration Competency Partners can also provide deep discovery and planning tooling.

For example, the following screen illustration shows four source IP addresses connecting to the server on port 22 (destination = 172.31.1.117).

These are bastion hosts that are used by the system administrators and can be ignored. The image also shows two servers connecting to this application on port 80, which are in scope of a planned migration. At this stage, you would need to dive deeper and understand the connecting applications. This deeper analysis will allow you to assess if there will be any upstream impact after retirement.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Identify and retire applications early in your migration

Schedule a controlled stop