Can you really migrate a legacy application with zero downtime?

True zero downtime is achievable for stateless applications with proper planning. Database-backed applications typically require a short maintenance window of 2 to 15 minutes for the final cutover, unless you implement continuous database replication with application-level transaction replay. With blue-green deployment and DNS-based traffic switching, planned downtime can be eliminated or reduced to under two minutes.

What is the strangler fig migration pattern?

The strangler fig pattern involves gradually routing traffic from the legacy application to a new cloud-hosted implementation, one feature or module at a time. The legacy system continues running and handling unchanged features while the new system grows around it. Over time, the new system handles all traffic and the legacy system is decommissioned — 'strangled' like the tree the pattern is named after.

Do I need to containerise my legacy application before migrating?

No — containerisation is beneficial but not required for a basic lift-and-shift migration. You can move VMs directly to cloud instances without containerisation. However, containerising with Docker before migration makes the application more portable, enables auto-scaling, simplifies deployment pipelines, and prepares you for Kubernetes if you need it later.

What is the biggest risk when migrating a legacy database?

The biggest risk is data loss during cutover — particularly transactions that happen in the window between the final backup and the DNS switch. Mitigate this by running continuous database replication right up to cutover, then doing a final sync with the application briefly paused, validating row counts and checksums, and only then switching DNS. Keep the source database running for 48 hours post-cutover before decommissioning.

How to Migrate a Legacy Application to the Cloud Without

TL;DR: Zero-downtime legacy migration requires four things: application containerisation (or VM replication), continuous database replication up to cutover, DNS TTL reduction before the event, and a tested rollback plan. For most database-backed applications, the actual cutover window is 2 to 10 minutes — not hours. Plan carefully, rehearse in staging, and you will be fine.

Why Zero-Downtime Migration Is Achievable But Requires Planning

The phrase "migrating to the cloud" conjures images of maintenance windows, 3am cutover calls, and frantic rollbacks. That stereotype is outdated. With modern tooling, most legacy applications can be migrated to the cloud with a planned maintenance window of under ten minutes — and stateless applications can achieve genuine zero downtime.

The critical insight is that most of the migration work happens in parallel with your live system. You build the cloud environment, replicate the data continuously, run validation tests, and only at the very end do you switch traffic. The "migration" that your users experience is just a DNS change.

Legacy Application Types and Their Migration Challenges

Monolith on Bare Metal

The most common legacy pattern: a single large application running directly on a physical server. Challenge: physical-to-virtual (P2V) conversion is needed before you can move it to a cloud VM. Tools like AWS Application Migration Service (CloudEndure) perform continuous block-level replication from physical servers, enabling migration with minimal downtime.

Application on a Virtual Machine

If your legacy app runs on VMware or Hyper-V, you're in luck — cloud providers make this easy. AWS Application Migration Service, Azure Migrate, and GCP Migrate for Compute Engine all offer continuous VM replication. You replicate the VM to the cloud, let it sync, then perform a final sync and cutover. Typical downtime: 5 to 15 minutes.

Database-Backed Web Application

This is the most common pattern for web applications. The application tier is relatively easy to migrate; the database is the constraint. You need continuous replication running right up to cutover, a strategy to handle the replication lag, and a clear "point of no return" when you stop writes to the source database and flush the remaining transactions to the target.

Windows Server Application

Windows Server applications are well supported in the cloud. All three major providers offer Windows VMs with full COM, DCOM,.NET Framework, and IIS support. If you're on Active Directory, Azure is the obvious choice for native directory integration. Licences can be brought across under AWS's BYOL or Azure Hybrid Benefit.

Migration Patterns

Pattern	Description	Downtime	Complexity	Best For
Blue-Green	Run old (blue) and new (green) environments simultaneously, switch traffic via DNS or load balancer	<2 min	Medium	Stateless apps, APIs
Strangler Fig	Incrementally migrate features to cloud; legacy handles remaining features until fully replaced	Zero	High	Large monoliths, long migrations
VM Replication	Continuous block replication of the VM; final sync and cutover with brief planned window	5–15 min	Low	VMs on VMware/Hyper-V
Database CDC + App Cutover	Replicate DB continuously via CDC; pause app, flush lag, switch DB connection string, restart app	2–10 min	Medium–High	Database-backed web apps
Feature Flag Traffic Split	Route percentage of traffic to cloud via feature flags; gradually increase to 100%	Zero	High	High-risk, high-availability apps

Pre-Migration Steps: Containerise, Extract Config, Make Stateless

Step 1 — Containerise the Application

Containerising with Docker is not strictly required for a lift-and-shift, but it unlocks significant benefits: consistent environments between dev/staging/prod, easy horizontal scaling, faster deployment cycles, and compatibility with managed container platforms (ECS, EKS, GKE). Below is a production-ready Dockerfile for a legacy Django/Python application.

# Dockerfile for a legacy Django application
# Stage 1: build dependencies
FROM python:3.11-slim AS builder
WORKDIR /app

# Install system dependencies for compiled packages
RUN apt-get update && apt-get install -y \
 gcc \
 libpq-dev \
 && rm -rf /var/lib/apt/lists/*

COPY requirements.txt.
RUN pip install --no-cache-dir --user -r requirements.txt

# Stage 2: production image
FROM python:3.11-slim
WORKDIR /app

# Install runtime-only system dependencies
RUN apt-get update && apt-get install -y \
 libpq5 \
 && rm -rf /var/lib/apt/lists/*

# Copy installed packages from builder
COPY --from=builder /root/.local /root/.local

# Copy application code
COPY..

# Create non-root user for security
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser

# Collect static files (Django)
RUN python manage.py collectstatic --noinput

# Expose port
EXPOSE 8000

# Run with gunicorn for production
CMD ["python", "-m", "gunicorn", \
 "--bind", "0.0.0.0:8000", \
 "--workers", "4", \
 "--worker-class", "gthread", \
 "--threads", "2", \
 "--timeout", "120", \
 "myproject.wsgi:application"]

Step 2 — Extract Configuration from Code

Legacy applications often have database credentials, API keys, and environment-specific settings hardcoded in configuration files or even in the source code. Before migration, extract all of this into environment variables. In the cloud, these are provided via the platform's secrets management (AWS Secrets Manager, Azure Key Vault) rather than hardcoded values. This is a security requirement and a 12-factor app best practice.

Step 3 — Make the Application Stateless

Stateful applications store session data or files on the local server filesystem — which breaks when you have multiple instances or restart a container. Before migration: move session storage to Redis (ElastiCache), move file uploads to object storage (S3), and ensure no local filesystem writes are required for normal operation. This is the most impactful change for enabling auto-scaling and zero-downtime deployments.

Database Migration: Schema, Data, and Cutover

Database migration is typically the most risk-laden part of a legacy cloud migration. The goal is to have a complete, validated copy of the database running in the cloud before you ever flip the switch, with continuous replication running so the cloud DB stays current right up to cutover.

Schema Migration

Use AWS Schema Conversion Tool (for heterogeneous migrations — e.g., Oracle to Aurora PostgreSQL) or a straight dump-and-restore for same-engine migrations. Validate the schema on the target database before loading any data. Check for vendor-specific SQL features, stored procedures, triggers, and functions that may not translate directly.

Data Replication

Set up AWS Database Migration Service (DMS) or an equivalent for continuous change data capture (CDC) replication. DMS can perform a full load followed by ongoing CDC, keeping the target database in sync with the source with a lag typically under 30 seconds. Let this run for several days before cutover to validate data integrity and confirm the lag remains acceptable under production load.

Cutover Strategy (Under 10 Minutes)

The cutover sequence for a database-backed web application should be: (1) announce a brief maintenance window, (2) enable a maintenance page on the load balancer, (3) wait for CDC replication to catch up to near-zero lag, (4) stop all writes to the source database, (5) wait for final CDC sync to complete, (6) validate row counts and key data checksums on target, (7) update application DATABASE_URL environment variable to point to cloud DB, (8) start cloud application instances, (9) run smoke tests, (10) switch DNS. Total time: 5 to 10 minutes.

DNS Cutover Strategy

DNS propagation is not instantaneous — by default, most DNS records have a TTL of 3600 seconds (1 hour), meaning that after you update your DNS record, some clients may continue hitting the old server for up to an hour.

The fix: reduce your DNS TTL to 60 seconds at least 48 hours before the planned cutover. This gives the low TTL time to propagate globally. Then when you update the A record at cutover time, the maximum propagation delay is just 60 seconds — and most clients update much faster than that. After successful cutover, increase TTL back to 3600 seconds.

Rollback Plan

Every migration must have a tested rollback plan. Document: at what point in the cutover sequence rollback is still possible, the exact steps to execute a rollback, who has authority to call a rollback, and what the maximum acceptable rollback window is. Keep the old environment fully operational for at least 48 hours post-cutover. Do not decommission the source database until you've validated data integrity under real production traffic.

Testing Strategy

Smoke tests confirm the application starts and returns expected responses on basic health-check endpoints. Run these immediately after each deployment to the cloud environment during parallel operation.

Regression tests verify that all existing features work correctly. If you don't have an automated regression suite, now is the time to build one — even manual test scripts. The migration is an opportunity to close this technical debt.

Load tests using tools like k6 or Locust confirm that the cloud environment handles your expected peak traffic. Don't just test the average load — test 2 to 3x your peak to validate auto-scaling responds correctly.

Rehearsal is the most important test of all: run a complete dry-run of the cutover procedure in a staging environment before the real event. Identify any steps that take longer than expected. The first time you run the cutover procedure should never be in production.

Need Help Migrating a Legacy Application?

SpiderHunts Technologies specialises in zero-downtime legacy cloud migrations. We handle containerisation, database replication, cutover execution, and post-migration optimisation — so your business experiences minimal disruption.

Discuss Your Migration

Cloud Cloud Migration Guide: How to Move Your Business to the Cloud Cloud AWS vs Azure vs Google Cloud: Which Is Right for Your Cloud Cloud Cost Optimisation: How to Cut Your AWS Bill by 40%

How to Migrate a Legacy Application to the Cloud Without Downtime