- Solutions Architect's Handbook
- Saurabh Shrivastava Neelanjali Srivastav Kamal Arora
- 2025-03-30 21:13:16
Designing the application
During the design phase, your focus should be on successfully migrating applications and making sure that your application design still meets the required success criteria after it has been migrated to the cloud. For example, if you are maintaining user sessions in the on-premise application server (so that it can scale horizontally), make sure that a similar architecture is implemented in the cloud after the migration, as this defines the success criteria.
It is essential to understand that the primary goal of this phase is to ensure that your application has been designed to meet the migration success criteria. You need to identify opportunities to enhance your application, and these can be accomplished during the optimization phase.
For migration, first, you need to have a complete understanding of your organization's foundational architecture on-premises and in the cloud, which includes the following:
- User account
- Network configuration
- Network connectivity
- Security
- Governance
- Monitoring
Knowledge of these components will help you to create and maintain a new architecture for your application. For example, if your application handles sensitive information such as Personally Identifiable Information (PII) and has controlled access, your architecture needs a specific network setting.
During the design phase, you will identify the architecture gap and enhance your architecture as per your application requirements. When you have multiple accounts, each account may have some level of relationship or dependency; for example, you can have a security account to ensure that all your resources are compliant with company-wide security guidelines.
When thinking about your application's network design, you need to consider the following:
- Network packet flows entering the boundaries of your application
- External and internal traffic routing
- Firewall rules for network protection
- Application isolation from the internet and other internal applications
- Overall network compliance and governance
- Network log and flow audit
- Separation of application risk levels, as per their exposure to data and users
- DDoS attack protection and prevention
- Network requirements for production and non-production environments
- SaaS-based multi-tenancy application access requirements
- Network boundaries at the business unit level in an organization
- Billing and implementation of the shared services model across the business unit
You can consider hybrid connectivity options with an on-premise system, depending on your connectivity needs. To build and maintain a secure, reliable, performant, and cost-optimized architecture in the cloud, you need to apply best practices. Review your cloud foundational architecture against the cloud best practices before migrating to the cloud.
Chapter 4, Principles of Solution Architecture Design, highlights common architectural design patterns that you can consider when migrating your application to the cloud. It is important to emphasize here that the primary goal of the design phase in the migration process is to design your application architecture so that it meets the migration success criteria identified in the planning phase. Your application can be further optimized during the optimization phase of the migration project.
In the process of migrating to the cloud, you can design your application architecture so that it benefits from the global cloud infrastructure and increases proximity to your end users, mitigates risk, improves security, and addresses data residency constraints. Systems that are expected to grow over time should be built on top of a scalable architecture that can support growth in users, traffic, or data with no drop in performance.
For applications that need to maintain some state information, you could make specific components of the architecture stateless. If there are any layers in the architecture that need to be stateful, you could leverage techniques such as session affinity to still be able to scale such components. Leverage a distributed processing approach for applications that process vast amounts of data.
Another approach to reducing the operational complexity of running applications is using serverless architectures. These architectures can also reduce cost because you are neither paying for underutilized servers nor provisioning redundant infrastructure to implement high availability. You will learn more about the serverless architecture in Chapter 6, Solution Architecture Design Patterns.
The following diagram shows a migration design from on-premise to AWS Cloud:

In the preceding diagram, as part of the cloud migration strategy, it was determined to rehost the web servers and introduce autoscaling to provide the elasticity that can help meet the spikes in demand. Elastic load balancers are also added to distribute the incoming traffic to the web server instances. The application servers were migrated using refactor, and the platform for the database tier changed from the traditional database to a cloud-native Amazon RDS. The entire architecture is distributed across multiple availability zones to provide high availability, and the database replicates to a standby instance in the second availability zone.
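The firewall-rule and application-isolation items from the network design list can be checked against this tiered layout before migration. The following is an added example, not code from the book: the tier names, ports, rule format, and allowed-source policy are assumptions, and the sample rules are constructed.

```python
from ipaddress import ip_network

# Assumed policy for the tiers described above: the only source allowed
# to reach each tier. Tier names are hypothetical labels, not AWS identifiers.
ALLOWED_SOURCES = {
    "load_balancer": {"internet"},
    "web": {"load_balancer"},
    "app": {"web"},
    "database": {"app"},
}


def source_label(source):
    """Map a rule source to a tier name, 'internet', or a normalized CIDR."""
    if source in ALLOWED_SOURCES:
        return source
    net = ip_network(source, strict=False)
    # A zero-length prefix (0.0.0.0/0 or ::/0) means any address.
    return "internet" if net.prefixlen == 0 else str(net)


def audit(rules):
    """Return one finding per ingress rule that breaks tier isolation."""
    findings = []
    for rule in rules:
        label = source_label(rule["source"])
        allowed = ALLOWED_SOURCES.get(rule["tier"], set())
        if label not in allowed:
            findings.append(f'{rule["tier"]}:{rule["port"]} reachable from {label}')
    return findings


# Constructed sample ingress rules for the design review.
SAMPLE_RULES = [
    {"tier": "load_balancer", "port": 443, "source": "0.0.0.0/0"},
    {"tier": "web", "port": 8080, "source": "load_balancer"},
    {"tier": "web", "port": 22, "source": "0.0.0.0/0"},       # admin port open to all
    {"tier": "app", "port": 8443, "source": "web"},
    {"tier": "database", "port": 3306, "source": "app"},
    {"tier": "database", "port": 3306, "source": "10.0.0.0/8"},  # broad internal range
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Both flagged rules are the kind of gap the design document should record and close: an administrative port exposed to the internet, and a database reachable from a whole internal range instead of only the application tier.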
As an output of your design phase, you should create a detailed design document for the architecture of your application in the cloud. The design document should include details such as the user account that the application must migrate to, network configuration, and a list of users, groups, and applications that need access to the data held by this application. The design document should clearly articulate application hosting details and application-specific requirements for backup, licensing, monitoring, security, compliance, patching, and maintenance. Ensure that you create a design document for each application. You will need it during the migration validation phase to perform a basic cloud functionality check and an application functionality check.