Professional Documents
Culture Documents
Application Portfolio Assessment For Cloud Readiness Sample Report
Application Portfolio Assessment For Cloud Readiness Sample Report
• Executive Summary
• Portfolio Snapshot
• Appendix
• Data Collection Process
• Metrics & Definitions
3
Application Portfolio Snapshot
20
applications
6.2m
lines of code
113k
back-fired function points
Software Agility
Software Elegance
CloudReady
Software Resiliency
4
Application Portfolio Snapshot
Size
Technology Resiliency Agility Elegance
(LOC)
Javascript 3M 57.09 63.24 57.12
C# 2M 95.41 65.37 78.32
PHP 740K 89.72 69.76 85.08
Java 697K 94.58 68.03 84.69
Python 10K 45.50 52.77 48.82
5
Application Portfolio Assessment Report
Cloud Readiness
Assessment
Portfolio Cloud Readiness | Cloud Ready vs Business Impact
90
60
matrix crosses Business
50 Impact with Cloud Readiness
and the size of the bubbles
Hollow
40 represents the relative size
of each application. This
30
helps determine how to
20
start segmenting and
prioritizing each application
10 based on both technical and
business criteria.
0
10 20 30 40 50 60 70 80 90 100
CloudReady
7
Portfolio Cloud Readiness | Segmentation & Prioritization
70 KaryonServo Beachhead
Priam Lucee Lando
Genie Lowlight Wedge
Business Impact
60
50 REHOST TO IAAS
CRM MMU
40
Low Business Impact – High Cloud Readiness Analytics AR
Start Migration Here to Demonstrate Early Success with
IEP AP
Lower Business Risk
30
REPLACE OR RETIRE
20
Low Business Impact – Low Cloud Readiness
Consider Retirement or Replacement with a SaaS Alternative BAT
10 Soundwave
0
PURSUE LATER QUICK-WINS
10 20 30 40 50 60 70 80 90 100
CloudReady
Here is an example of an initial
portfolio segmentation and
prioritization. 8
Portfolio Cloud Readiness | Top Boosters & Blockers
9
Blocker Detail: Using Stateful Sessions
10
Blocker Detail: Use of File System
11
Blocker Detail: Perform File Manipulation
12
Cloud Boosters & Blockers | IEP Application View
Each individual application is then assessed to understand the specific Blockers that
occur within each application so that the segmentation and prioritization can be
further refined based on individual application characteristics. 13
Migration Recommendation | IEP Application
The IEP application team is one of the most advance in the group The team is used to Cloud development and will be able to
regarding Cloud expertise. identify quickly the blockers for a PaaS migration.
Each individual application is then assessed to understand the specific Blockers that
occur within each application so that the segmentation and prioritization can be
further refined based on individual application characteristics. 15
Migration Recommendation | Karyon Application
• Investigate Health of each application to understand if there are any high-risk apps that
need to be improved before migration.
The cloud migration recommendations are then summarized to
develop the overall roadmap for the portfolio.
17
Application Portfolio Assessment Report
Software Health
Assessment
80
CONFIDENCE ZONE
KaryonServo Beachhead
Priam Lucee Lando
60
Genie Lowlight Wedge
Business Impact
VULNERABILITIES
40
IEP Hollow
Tensorflow Fenzo
Analytics AP
0
45 55 65 75 85 95
Software Resiliency
Application Health measures (such as Resiliency)
are analyzed to ensure unhealthy applications are
improved before migration. 19
Software Health | Tensorflow Application View
• Some apps have Resiliency scores that are severely low. Code alerts should be
remediated before migration to cloud on these applications:
• Hollow
• CRM
• IEP
• AR
21
Application Portfolio Assessment Report
Software Composition
Analysis
Open source is one of Open source licensing can Open source components can
the major entry points be complex and become out of date or
for hackers. It is critical confusing. Visibility on the unsupported resulting in
to identify if the third- licenses used by open functional and security risks.
party components in source components is These out of date
use contain security required to detect any components must be
vulnerabilities. restrictive license detected and replaced with
compliance issues. supported components.
CAST Confidential
23 23
Software Composition Analysis | Security Vulnerabilities
Application Components
Karyon minimatch 3.0.0, useragent 2.1.12, qs 2.3.3, decamelize 1.1.1, parsejson 0.0.3, hapi 15.x.x,
tomcat-embed-core 7.0.73, slf4j-api 1.7.7, cxf-rt-frontend-jaxws 2.7.12, is-my-json-valid 2.12.0, ua-parser-js 0.7.12,
Hollow
marked 0.3.6, minimatch 3.0.0, useragent 2.1.11, jquery 1.7.2, hibernate-validator 4.2.0.Final,
openjpa-persistence-jdbc 2.1.1, commons-fileupload 1.2.1, jackson-databind 2.5.3, dom4j 1.6.1, jsoup 1.8.1,
Other apps
derby 10.1.1.0 …
License Risk
MIT License (358), ISC License (39), Apache 2.0 (16), Eclipse 2.0 (1), BSD 2 (14), GNU Affero
Karyon 579
GPL 3 (1), BSD 3 (1)
Hollow 32 MIT License (2), Apache 2.0 (1), GNU GPL 3 (4)
• IEP: Upgrade jsh component to latest version to reduce critical vulnerability risk
• Hollow:
• Upgrade hibernate component to latest version to reduce critical vulnerability
risk
• Replace component that uses the GNU GPL license to avoid copyleft licensing
risk
• CRM: Replace component that uses the GNU GPL license to avoid copyleft licensing
risk
• Karyon: Replace component that uses the GNU GPL license to avoid copyleft
licensing risk
26
Contact Us
to learn how to generate an application Visit the CAST Highlight web site.
portfolio assessment report automatically
Appendix
Date
29 CAST Confidential
Key Metrics & Methodology Definitions
Measure the robustness and how Reflects presence of code Customer Satisfaction
Software Resiliency bullet-proof is the Software against patterns that may comprise Customer Confidence / Loyalty
production failure vulnerability of the software Opportunities & Revenue
Medium > 66.0 Medium > 55.0 Medium > 50.0 Medium > 65.0
Low < 66.0 Low < 55.0 Low < 50.0 Low < 65.0
30
CloudReady Index Calculation Formula
Based on Based on
CloudReady Survey** CloudReady Scan***
CloudReady
13.4 77.1
45.2
(weight of 50%) (weight of 50%)
Code Patterns Score
**CloudReady Survey score - from 0 to 100 - relies on the answers provided by the Application Owner. Depending on the importance of a question, its answers may impact the score
differently. 31