Dual-stack routing
A router decides mainframe or new platform per service. Cutover happens one service at a time, with full rollback on every flip.
Loading…
Work/Public sector · 4M citizens
Public sector · 4M citizens · 2024-2025
A state government was running citizen services on a 1990s COBOL mainframe with monthly four-hour outages. We led the strangler-fig migration to a cloud-native platform.
A US state government was running citizen services on a mainframe written in the 1990s. Driver license renewals, benefits applications, and business filings all flowed through it. Monthly outages of four hours were normal. Two prior modernization attempts had failed at the same step: trying to migrate everything at once. The new request from the CIO was different. Come in with discipline about what could move fast and honesty about what could not.
Two weeks of architectural review with the state CIO and security team. We mapped every service the mainframe ran and ranked each one by traffic, complexity, and risk. The plan: stand up a Go and Postgres platform alongside the mainframe, route traffic service-by-service starting with the highest-volume lowest-risk surface (license renewals), and keep the mainframe alive for the last-mile edge cases until those could be retired one at a time.
A router decides mainframe or new platform per service. Cutover happens one service at a time, with full rollback on every flip.
All new screens designed and audited for the strictest accessibility tier. Citizens with screen readers got measurable improvement.
Keycloak as the new SSO, federated with the mainframe identity store. Citizens kept one login through the entire migration.
Every metric, log, and trace stripped of citizen PII at source. FedRAMP audit ready by month nine.
Security planning. FedRAMP authorization process started. Service map ranked.
Identity federation. First service (license renewals) in pilot.
Highest-volume surfaces first. Each cutover gated by SLO.
Mainframe decommissioning. OpEx savings booked at the state level.
Year 1 post-migration. Down from monthly 4-hour outages.
Independent surveys before/after. Largest gain on accessibility-dependent users.
Mainframe maintenance costs decommissioned.
Two attempts had failed before this. The thing Teckfinity got right was being honest about what couldn't be moved fast, and ruthlessly disciplined about the things that could.