Migration
Cloud migration from legacy and on-prem
We move applications and data from legacy platforms to modern cloud — in stages, with clear exit criteria and a plan for what comes along, what gets rewritten and what gets retired.
Migration without big bang
How we move without tipping the business over
- One workload at a time, not all in one weekend
- Phased
- Old and new coexist during verification
- Parallel
- Data checks before every cutover
- Validation
- Every step has an explicit exit plan
- Rollback
How we move to cloud
Phased migration — no big-bang cutover.
Cloud migrations fail in the same ways every time: everything has to ship at once, there's no honest inventory of what actually needs to come along, and when something doesn't work in the new environment, it's straight back to the old stack — now with two systems to maintain. We work differently: one workload at a time, parallel operation where it makes sense, and an exit strategy for every step so no surprises can lock us in.
We always start with a mapping. What's actually running today, which systems depend on what, where is data sensitive and where is it just old? The result is an honest list: what can be lifted as is (lift-and-shift), what should be re-platformed (same function, new stack), what should be re-written (old code that costs more to move than to reinvent), and what should be retired. That list is the most important document in the entire project.
We move you to the cloud that fits — typically Cloudflare for edge-heavy workloads, Vercel for Next.js apps, AWS for things that need core services (RDS, S3, SQS), or a combination. We have no incentive to push one vendor over another — our incentive is that you don't regret the choice in two years.
What we deliver
A migration that doesn't tip the business over.
Discovery, parallel operation, data validation and an exit plan for every step.
Discovery and workload mapping
We start with 1–2 weeks reviewing your current setup: dependency graph, data ownership, integrations, operations team, compliance requirements. You leave discovery with a concrete migration plan, not a PowerPoint.
Phased migration with parallel operation
We move one workload at a time and run it in parallel with the old system as long as verification needs it. Traffic shifts gradually via DNS or an API gateway — no big-bang cutover weekends.
Data migration with validation
Data moves with scripts that both migrate and validate (record counts, checksums, sample comparisons). We run delta syncs while old and new coexist so you never lose data created in the middle of migration.
Re-platforming where it makes sense
Some workloads shouldn't just be moved — they should be re-platformed to managed services. A self-hosted PostgreSQL becomes RDS or Supabase. A cron server becomes Lambda or Vercel Cron. We assess per workload whether the effort pays off.
Security and access from the start
The identity platform is designed before the first workload moves. IAM roles, secret management (AWS Secrets Manager, Doppler), network segmentation and audit logging are in place before we put the first container in production.
Clear exit strategy for every step
Each migration phase has a defined rollback plan before we begin. If something doesn't work in production, we point DNS back and take another round. Moving needs to be safe — otherwise it never gets done.
Before we start
What you should consider first.
Lift-and-shift vs. re-platforming
Lift-and-shift is fastest and cheapest up front, but you bring the old operational habits with you. Re-platforming costs more up front but gives you the operations and developer pace you actually migrated for. We typically recommend a mix: lift-and-shift for time-critical workloads, re-platforming for what benefits most from managed services.
Dependency graph and order
You can't move a workload until its dependencies are moved (or available from the new location). We use the discovery phase to build the dependency graph and find the order — typically the least coupled systems first, then the most central, then the innermost.
Operations during migration
Migration isn't a freeze period where your team takes a break. Business continues, support tickets and feature requests keep coming. We design the migration so it doesn't block normal development — typically by having the old system continue to take new changes until that workload is up for migration.
Compliance, GDPR and data residency
Should data stay in EU? Are there ISAE-3402 requirements on operations? Do you have healthcare data under specific regulations? It needs to be settled in discovery — that drives both cloud choice, region choice, and which managed services are on the list. We design around the compliance frame, not the other way around.
FAQ
What people usually ask.
How long does a typical migration take?
Depends entirely on the number of workloads, their dependencies and your tolerance for parallel operation. A single monolithic application can be moved in 4–8 weeks. A portfolio of 10–20 services with deep internal dependencies typically takes 4–9 months spread across multiple phases. We give a realistic estimate after discovery — not before.
Do we have to move everything or can we go gradually?
Gradually. We almost never recommend moving everything at once. Phased migration lets you learn the new platform while the old one still runs, catch surprises early, and roll back if something doesn't work — without the entire business standing still.
What about legacy systems no one understands anymore?
That's often the hardest part — and the one we spend the most time on in discovery. If source code exists, we read it. If not, we document the system's actual behaviour through observation: which API calls it makes, which data it reads/writes, what the edge cases are. Only when we truly understand it do we decide whether it should be lift-and-shifted, rewritten or retired.
Can we combine multiple clouds?
Yes, and it's often the right answer. We've set up architectures with Cloudflare edge in front of a Vercel frontend in front of an AWS backend, or with Azure for AD-integrated services and AWS for the rest. Multi-cloud is complexity — but it's often the easiest path when a single vendor doesn't cover all requirements.
How do you handle downtime during cutover?
With proper preparation, there's typically no noticeable downtime. We set up the new platform in parallel, sync data continuously, and switch traffic via DNS or an API gateway once the new one is verified. For workloads where a short maintenance window is acceptable, we plan it well in advance and communicate it to end users.
Related services
- CloudflareDNS, WAF, Workers, R2 and Pages — set up correctly from the start, so Cloudflare actually works for you.
- VercelHosting, preview deploys and edge functions set up so Next.js delivers what Vercel promises.
- AWSECS, Lambda, RDS, S3 and VPC — designed, codified in Terraform and operated with observability from day one.
Ready to get started?
Let's have a no-pressure conversation.
We'll get back within one business day with concrete input — not a stock proposal.