Best practices for a successful migration to PingAccess® Platform from Oracle Access Manager

As the business world has become increasingly global, virtual, and decentralized, Infrastructure Identity and Access Management (IAM) systems have been challenged to keep pace with changing business needs.

• Persistent was selected by a Bay Area based networking services giant to help the enterprise smoothly migrate approximately 5000 applications—both on premise and cloud-based—from Oracle Access Manager to the next generation, Ping Identity Platform with minimal disruptions on the part of the internal and external users. 
• 3000 Applications migrated through self-service tool / fully automated
• 2000 Applications migrated through Policy management tools (semi-automated)

Although Persistent has handled large-scale migrations and integrations around the world for more than 30 years for a variety of industries, our engineers, developers, and client teams add to the company’s accumulated expertise with every completed project.

Here are fifteen best practices from the Persistent migration playbook that were applied to this migration effort to ensure the 2 years project was completed successfully.

Five don’ts for better migrations

1. Don’t overlook stakeholder input when setting migration timelines: Identity migrations are complex, requiring up to eight hours of downtime. Avoid deciding migration timelines without involving all application owners first, to gauge support and improve timeline accuracy.
2. Don’t assume the migration resources you need are readily available: Although it may slow the scoping and quoting phase of the project, it’s important to confirm access and rights are available for all servers, applications, virtual machines and the links. Lack of access identified once the project is underway can significantly slow progress as proper rights are sought out.
3. Don’t forget about dependencies: Use a checklist to help avoid runtime dependencies and circulate the checklist well in advance with all stakeholders.
4. Don’t forget third-party integrations: Catalog in advancehow third-party applications are connecting to the application being migrated, listing any challenges. Be sure to add these integrations to testing scenarios to be executed after successful migration to ensure a complete cutover.
5. Don’t test in production environment: Always use a dedicated simulation environment that matches production, for testing. Only after a successful migration in the test environment, should actual migration begin.

Ten do’s for better migrations

1. Define Scope and roadmap: Create inventory – List all platforms and applications. Identify POC , Complexity for each. Identify critical path Platforms and Applications, engage in early stages. Work with other transformations / migrations within org. Work with vendor (Ping) to bridge technical gaps in new product.
2. Do form a team of subject matter experts: Work with them throughout the project to ensure a complete and detailed understanding of the needs of the business, every aspect of the IT environment, the user experience, the project scope, and more.
3. Do make sure representatives from every IT team are involved in the planning and update meetings: This includes Networking, Hosting, Application, Management, Security and more. 
4. Do engage top-level management to serve as project champions and drive communication: So many large-scale IT projects fail due to lack of executive engagement or understanding from the beginning. At a minimum, the executive team should understand the business need, expectations, metrics for success, timelines, and should be willing to take an active role in change management communications.
5. Do develop a Migration Validation Acceptance Criteria plan: The plan should capture:
   • Proof of concept from each application
   • Access rights for each lifecycle server (Login and SUDO access)
   • Application architecture overview
   • Access control lists (ACL) requirements
   • Dates of migration for each lifecycle, capturing development, staging, and production
6. Do define a rollback strategy: In the event a migration doesn’t perform as intended, ensure you have a rollback strategy in place to minimize disruption and downtime. Keep the strategy accessible where everyone can reference it.
7. Do take advantage of automation opportunities: Develop and utilize automation scripts wherever possible for repeated tasks to accelerate the project, eliminate variability and human error, and allow the team to focus on higher-value needs. Build self-service tool for app owners perform migration at ease. Provide tools to validate new technology integrations ex – OAuth / OIDC / SAML. Provide tools to identify technical dependencies, ex – scan git repo / logs to identify App type (API or WEB)
8. Do create a Knowledge Center for project stakeholders: Populate it with extensive documentation, webinars, videos, wikis, updates, reports and more. Define best practices for new tech stack, and make sure they are followed. Provide code samples to simplify integration.
9. Do develop a readiness checklist: Ensure that it outlines each phase of the project; pre-migration, migration, and post-migration.
10. Do plan discovery meetings with each application owner: Schedule them well in advance to gather required data (app name, webserver details, paths, etc.) and ensure they clearly understand the migration process, timeframes, downtime requirements, and have an opportunity to communicate with users prior to migration.
11. Create a post-production support plan: Ensure it includes escalation metrics, support team contact information and calendars, so the customer receives the level of support expected once the project is completed.

Visit our IAM Modernization page to discover how Persistent can apply three decades of complex migration and integration experience to your greatest opportunities and challenges.