Software Oriented Application Dependency Mapping: A Key Cloud Migration Weapon You Can’t Miss in 2020

by

Let me get right to it: “application dependency mapping” is a misleading phrase. It has been used by the application performance management (APM) providers as a way to repurpose data that they collect primarily to detect infrastructure bottlenecks.  While it is true that conventional solutions are good at mapping detectable dependencies, few of them (if any) actually focus on “applications”, or software, for that matter.

That is why I am so excited about the new feature launched in CAST Highlight this year called “Application Links”.  It’s an easy way for large enterprises to properly perform application dependency mapping.  It is software-oriented; it is crowd-sourced; and it is in the same place as your software portfolio analysis data. 

What is Application Dependency Mapping?

Application dependency mapping is the discovery and documentation of the interdependencies between different applications.  For example, a commerce application may use two different databases, one for transactional data, and another for master data.  The transactional database may be accessed by direct stored procedures, while the master data, being a shared resource, is accessed through application programming interfaces (APIs). The identification and documentation of these dependencies is application dependency mapping. 

Why is Application Dependency Mapping Important?

Without sound data to help properly plan software modernization and cloud migration, IT teams may end up with a great deal of last minute firefighting.  This can delay already expensive projects, because the scope needs to be expanded to include more components.  

[Additional Suggested Reading : Setting Your Cloud Migration Strategy: 3 Recommendations from Forrester]

In the process of application modernization, especially when it comes to cloud migration, it is important to know which components you need to migrate together.  For example, if an application is migrated to the cloud, but one of its dependant databases remained on premise without making it accessible via web service or API, the application may lose some of its functionality, or may not function at all.  By having a clear picture of interdependencies, IT leaders can plan “groups” of components to migrate at the same time, and also make provisions for components that remain in the on premise datacenter to be accessible to cloud applications.

Why is Application Dependency Mapping so Difficult?

There are several reasons why the exercise of application dependency have given many large and experienced IT teams a hard time.

First, application dependencies are typically not well known throughout the organization.  From my experience, dependencies are only thoroughly understood by technical leadership or application architects.  Even then, sometimes two or three-tiered dependencies are simply hidden. For example, a technical lead may know that a piece of C#-based business logic application uses a SQL database via some stored procedures.  However, what this technical lead may not know is that the SQL database is only an abstraction of a larger data lake that gets its input from three other data sources.  


Second
, since most cloud migration projects are led centrally in enterprises, the chances of dependencies being missed are quite high.  As much as IT leadership do their best to ensure the right application and components are modernized or migrated together, they usually have a tight timeline to follow.  The amount of analysis that is required to properly document each and every interdependency, and then evaluate different scenarios of grouping them can be overwhelming. Many teams take a “good enough” approach, and hope that their plan works.


Third
, teams that seek thorough application dependency mapping usually turn to infrastructure assessment tools, like application performance management (APM) solutions.  APM tools provide a lot of good information, and can do it visually. However, while APM tools are great for identifying dependencies based on existing infrastructure and within the confines of the scope that is being monitored by the APM tool, it is important to know that the results are often not comprehensive and are infrastructure oriented.  

Taking a Software-Oriented Approach to Application Dependency Mapping

Applications are not simply executable files.  They are a collection of data (databases, data lakes, files, etc.), interfaces (user and non-user), project dependencies, code, batch files, and libraries (open source and proprietary).  Therefore, application dependency mapping should be approached first from the application itself, regardless of the infrastructure it currently resides in. Afterall, the whole point of modernization is to ensure the end result is better, more resilient, and easier to align to business objectives.

The approach we take in CAST Highlight for application dependency mapping is called “Application Links”.   Application Links first, and foremost, focuses on software level dependencies.  It does so by harvesting the knowledge from technical leadership and architects, and, then, combines it together to form a full picture of an application ecosystem.  

Application Links discovers through crowd-sourcing your internal organization:

  1. What components does one application interact with (e.g. SWIFT mobile app to JEE backend logic)

  2. How does the interaction happen (e.g. via open APIs)

Then, taking all that information, CAST Highlight creates a visual diagram of the entire ecosystem’s interdependencies, without having one individual knowing two, three, four, or five tiers of dependencies.

Application-dependency-mapping-Application-Links-CAST-Highlight


Now, I strongly believe that software oriented application dependency mapping is a necessary complement to infrastructure-oriented dependency mapping.  I am a big fan of APM solutions, and I think they add significant value to the exercise. But, without a software-oriented side, the story is simply incomplete.

For a closer look at Applications Links, take a look at our Application Links Feature Focus here.

7 Simple Steps for Running an Application Dependency Mapping Exercise


Launching  an Application Links campaign in CAST Highlight is easy. Here are 7 simple steps:

  1. Establish Your Objective

    Be clear about why you are doing the exercise.  Is it for cloud migration planning? Or is it for general portfolio analysis?  The objective may change the way you ask for input. 

  2. Identify the Portfolio / Sub-Portfolio

    Not all application dependency mapping exercises will involve your entire portfolio.  If it is your first time doing the exercise, it may be wise to pick a small group of applications and components; for example, all the apps within a small business unit.  

  3. Identify your Key Stakeholders

    Identify all the relevant technical leadership for the exercise.  These are typically your technical leads, application architectures, and development managers.  Make sure all of their emails are added to your instance of CAST Highlight.

  4. Launch Crowd-sourced Data Gathering

    Name your campaign in CAST Highlight, and add your “Application Links” questions to the survey.  Then, send the survey to all the stakeholders you collected in the last step via CAST Highlight. You can monitor the data as your stakeholders begin to answer the survey questions.

  5. Incorporate Data from Infrastructure Assessment Tools (if it is accurate)

    If you have infrastructure dependency mapping data from APM tools, they can also be incorporated into CAST Highlight to make the results more robust.

  6. Explore Results

    CAST Highlight will present the results like a neural network that is both visual and interactive.  Explore the results and start discovering dependencies that you may not have been aware of. 

  7. Combine Application Dependency Mapping and Portfolio Analysis to Support Your Decision Making

    Because CAST Highlight also captures your application portfolio analysis with metrics such as Software Resiliency, Cloud Readiness, Business Impact, and Assigned FTEs, you can further inform your decision on phasing your modernization plan.  For example, several applications that are interdependent but have low Cloud Readiness scores may be shifted to a later phase.


If you need some help with an application dependency mapping exercise, CAST Highlight will be a great asset to you. If you’re interested in knowing more about how Application Links work, or would like to get started, get connected to our expert for a walk thru!

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
Making sense of cloud transitions for financial and telecoms firms Cloud  migration 2.0: shifting priorities for application modernization in 2019  Research Report
Greg Rivera
Greg Rivera Vice President
As Vice President of CAST Highlight, Greg leads product strategy for the CAST SaaS platform helping customers and partners accelerate app modernization / cloud migration, rationalize their app portfolios, and reduce open source risk. He has worked with Fortune 1000 companies such as Microsoft, IDG Communications, and Arrow Electronics for over 20 years in technology and media, helping them make successful digital transformations. Greg has a B.S. in Electrical Engineering and an M.S. in Management of Technology and is passionate about applying technology to improve business and our everyday lives.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|