Recommended4+1 DevelopmentAWS Ops ExcellenceAzure Ops Excellence
Lifecycle Management describes how the solution is developed, deployed, operated, and eventually retired. It corresponds to the Development View in the 4+1 model and the operational aspects of the AWS/Azure Well-Architected Frameworks.
| Sub-section |
Focus |
Depth |
| 5.1 Software Development & CI/CD |
Build and deploy pipelines |
Recommended |
| 5.2 Service Transition & Migration |
Migration strategy and cutover |
Recommended |
| 5.3 Test Strategy |
Architecturally significant testing |
Recommended |
| 5.4 Release Management |
Release frequency and process |
Recommended |
| 5.5 Operations & Support |
Support model and SLAs |
Recommended |
| 5.6 Resourcing & Skills |
Team capability and readiness |
Recommended |
| 5.7 Service Start |
Start-up sequence and dependencies |
Comprehensive |
| 5.8 Maintainability |
Patching, certificates, dependencies |
Recommended |
| 5.9 Decommissioning & Legacy Removal |
End-of-life and disposal |
Recommended |
| 5.10 Exit Planning |
Vendor lock-in and exit strategy |
Recommended |
Recommended
Does the application include any software developed internally?
| Attribute |
Detail |
| Source control platform |
[e.g., GitHub, GitLab, Bitbucket] |
| CI/CD platform |
[e.g., Jenkins, GitHub Actions, Azure DevOps] |
| Build automation |
[how builds are triggered and managed] |
| Deployment automation |
[how deployments are automated] |
| Test automation |
[what testing is automated in the pipeline] |
| Control |
Implementation |
| Security requirements identification |
[how security requirements are captured] |
| Static Application Security Testing (SAST) |
[tool used] |
| Dynamic Application Security Testing (DAST) |
Yes / No - [tool] |
| Software Composition Analysis (SCA) |
[tool used] |
| Container image scanning |
[if applicable, tool used] |
| Secure coding practices |
[standards, training, code review] |
| Patch management |
[how security patches are applied and SLAs] |
Recommended
If this solution replaces or migrates an existing system, classify the migration approach:
| Classification |
Selected? |
Description |
| Retain |
☐ |
Keep as-is, not suitable for migration at this time |
| Retire |
☐ |
Decommission; functionality no longer needed |
| Rehost |
☐ |
Lift-and-shift to new infrastructure with minimal changes |
| Replatform |
☐ |
Lift-and-shift with targeted optimisations (e.g., managed database) |
| Refactor |
☐ |
Re-architect components to take advantage of new platform capabilities |
| Replace |
☐ |
Replace entirely with a new solution (e.g., SaaS product) |
| Attribute |
Detail |
| Deployment strategy |
Big Bang / Blue-Green / Canary / Strangler Fig / Rolling / Parallel Run |
| Data migration mode |
One-off / Phased / Continuous Sync / Not applicable |
| Data migration method |
[e.g., Export/Import, ETL, CDC, DMS, manual] |
| Data volume to migrate |
[e.g., 500 GB] |
| End-user cutover approach |
One-off / Phased / Not applicable |
| External system cutover |
One-off / Phased / Not applicable |
| Maximum acceptable downtime |
Zero / Seconds / Minutes / Hours / Days |
| Rollback plan |
[how to revert if the transition fails] |
| Acceptance criteria |
[what must be true before cutover] |
| Transient infrastructure needed? |
Yes / No — [if yes, describe temporary infrastructure required during migration] |
Recommended
Describe the testing approach that validates the architecture:
| Test Type |
Scope |
Approach |
Environment |
Automated? |
| Integration testing |
[what is tested] |
[approach] |
[environment] |
Yes / No |
| Contract testing |
[API contracts between services] |
[approach] |
[environment] |
Yes / No |
| Performance testing |
[load, stress, soak] |
[approach] |
[environment] |
Yes / No |
| Security testing |
[penetration, vulnerability] |
[approach] |
[environment] |
Yes / No |
| DR testing |
[failover, recovery] |
[approach and frequency] |
[environment] |
Yes / No |
Guidance
This section covers architecturally significant testing — not unit tests or functional test cases (which belong in detailed design / low-level documentation). Focus on testing that validates the architecture itself: integration points, performance characteristics, security posture, and recovery capabilities.
Recommended
| Attribute |
Detail |
| Release frequency |
[e.g., continuous, weekly, monthly, quarterly] |
| Release process |
[how releases are planned, approved, and deployed] |
| Release validation |
[how releases are validated in production] |
| Feature flags / toggles |
[if used, how they are managed] |
Recommended
| Attribute |
Detail |
| Support model |
[which teams or vendors support the application] |
| Support hours |
[e.g., 24/7, business hours, follow-the-sun] |
| SLAs |
[internal or external service level agreements] |
| Escalation paths |
[how issues are escalated] |
Recommended
Operational practices have a continuous carbon impact. Document how sustainability is preserved over the life of the running solution; the metric and tooling detail belongs in Section 4.5.
| Question |
Response |
| Are non-production environments on an auto-shutdown schedule (e.g., evenings, weekends)? |
Yes / No — [schedule] |
| Is there a periodic review of compute right-sizing (typically quarterly)? |
Yes / No — [cadence] |
| Are unused resources (orphaned VMs, unattached disks, idle environments) actively identified and reclaimed? |
Yes / No — [process] |
| Is the carbon footprint reported alongside cost in operational reviews? |
Yes / No |
| Are environment retirements (e.g., a decommissioned dev cluster) actually deleted, not just stopped? |
Yes / No |
Recommended
Assess whether the team has the skills and resources to build, operate, and support the solution.
| Skill Area |
Current Level |
Action Required |
| Cloud platform (e.g., AWS, Azure, GCP) |
High / Medium / Low / N/A |
[training, hiring, or contractor needed?] |
| Infrastructure as Code (e.g., Terraform, Pulumi) |
High / Medium / Low / N/A |
[…] |
| CI/CD pipeline management |
High / Medium / Low / N/A |
[…] |
| Application technology stack |
High / Medium / Low / N/A |
[…] |
| Database administration |
High / Medium / Low / N/A |
[…] |
| Security & compliance |
High / Medium / Low / N/A |
[…] |
| Question |
Response |
| Can the team fully operate and support this solution in production? |
A: Fully capable / B: Partially capable / C: Not yet capable but willing to learn / D: Not capable and will not be in the foreseeable future |
| If B, C, or D: what additional resources are required? |
[e.g., DBA, DevOps engineer, cloud architect, managed service] |
| Is a managed service being considered for ongoing operations? |
Yes / No — [details] |
Comprehensive
Describe how the application and its supporting services are started:
[What steps are needed to bring the solution into operation? Are there manual steps? What is the start-up sequence and dependency order?]
Recommended
Describe how the solution design enables ongoing maintenance:
| Concern |
Approach |
| Keeping software versions current and supported |
[patching strategy] |
| Hardware lifecycle management |
[refresh cadence] |
| Certificate management |
[renewal process] |
| Dependency management |
[how third-party dependencies are tracked and updated] |
Recommended
Where this solution replaces or modifies existing systems, document the plan for removing legacy infrastructure.
| Attribute |
Detail |
| Intended lifespan |
[expected or planned lifetime of the solution] |
| End-of-life triggers |
[what would trigger decommissioning] |
| Decommissioning blockers |
[dependencies or constraints on retirement] |
| Legacy Component |
Current State |
Decommission Date |
Owner |
Dependencies |
Status |
| [system/server/service] |
[running / standby / powered off] |
[target date] |
[person/team] |
[what depends on it] |
Planned / In Progress / Complete |
Guidance
Common items to decommission after migration or replacement:
- Servers and VMs — physical or virtual machines no longer needed
- Licences — software licences that can be released or cancelled
- Network rules — firewall rules, DNS entries, load balancer configs for retired systems
- Data stores — databases, file shares, or storage accounts (after data migration and retention period)
- Monitoring and alerting — dashboards, alerts, and runbooks for retired systems
- Service accounts and credentials — accounts and secrets for decommissioned integrations
- Documentation — update or archive architecture documents for retired systems
Technical debt is tracked in Section 6.6 — Technical Debt Register.
Comprehensive
| Attribute |
Detail |
| Data disposal method |
[how data will be securely erased — crypto-shredding, secure wipe, physical destruction] |
| Data retention obligations |
[any data that must be retained beyond decommissioning, and for how long] |
| Infrastructure disposal |
[how hardware/cloud resources will be decommissioned — resource deletion, subscription cancellation, hardware return] |
| Cost savings realised |
[expected cost reduction from decommissioning] |
Recommended
If hosted in public cloud or with a third-party provider:
| Attribute |
Detail |
| Exit strategy |
[how to migrate away from the current provider] |
| Data portability |
[how data can be extracted and migrated] |
| Vendor lock-in assessment |
[degree of lock-in and mitigation] |
| Exit timeline estimate |
[how long an exit would take] |
Scoring Guidance
| Score |
What This Looks Like |
| 1 |
CI/CD tool identified but pipeline not documented |
| 3 |
Development practices, deployment strategy, support model, and release frequency documented; migration plan in place if applicable |
| 5 |
All of the above plus security scanning integrated in pipeline, team skills assessed with action plan, exit strategy documented with vendor lock-in assessment |