WH WHPS TransformationMainframe Blueprint
Mainframe migration strategy

Modernize by domain, not by big-bang rewrite.

WHPS will separate business capability from legacy implementation, expose critical functions through a facade, rebuild domains on the target platform, reconcile data, prove parity, and retire dependencies by wave.

Pattern Strangler modernization through an anti-corruption layer.

Consumers move capability by capability while legacy remains controlled.

Proof Dual run, reconciliation, replay, and parity certification.

No write ownership transfer without operational and data evidence.

Exit Decommission jobs, feeds, licenses, access, and contracts.

Savings count after dependency retirement, not after code deployment.

View wave roadmap Review financial transition
Migration posture Agile waves + strangler pattern
Primary pattern Strangler Traffic moves by capability through a facade.
Coexistence Dual run Mainframe and target compare outputs before cutover.
Data control CDC plus batch Reconcile records, files, and batch output.
Exit condition Retire Jobs, licenses, access, interfaces, and contract items close.
AWS discovery baseline

The HPS mainframe estate is large enough that modernization must be run as a governed factory.

The April 10, 2026 AWS Mainframe Migration Assessment kickoff quantifies a 9.55M LOC in-scope estate inside a broader 22M LOC environment. The source evidence makes one point very clear: this is not only COBOL conversion. It is code, scheduler, DB2, batch, security, middleware, file transfer, control-card, stored-procedure, testing, operations, and decommission work.

Portfolio assessed 9,553,337 LOC 8,598,003 active LOC; 32,815 source members; 29,534 active members.
Mainframe scale 6,628 MIPS 15-20 apps, 10 z/OS DB environments, about 18 TB, 41K IOPS.
Core runtime 168h OLTP 140h batch/week; Control-M/IWS, RACF, WebSphere/Tomcat, REST APIs.
In-scope artifacts COBOL + JCL Copybooks, procs, DB2 stored procedures, CTL, FTP control cards.
Discovery workstream Source evidence / input WHPS decision output Why leadership cares
Reimagine workload analysis Up to one candidate workload of up to 100K LOC, source uploaded in native format, AWS Transform analysis, business-rule extraction, data lineage. Candidate target architecture, feasibility recommendation, PoC scope, cost/timeline/RACI. Proves whether a business capability can be redesigned instead of merely translated.
Refactor code analysis COBOL, copybooks, JCL, PROC, stored procedures, scheduler config, third-party utility usage, dependencies, supported/unsupported language findings. Dependency graph, module candidates, target reference architecture, migration sequence, project plan and estimates. Prevents underestimating complexity and makes wave sequencing evidence-based.
Migration Readiness Assessment Business value, people readiness, governance, platform, security/risk/compliance, operations readiness. Gap register, owners, prioritized actions, mobilize plan, governance cadence. Shows what must be funded or fixed before cutover risk is acceptable.
Source-code and runtime intake Native encoding, binary offload, build/run artifacts, scheduler config, JCL/REXX/CMD/BAT, screens/BMS maps, DB2 DDL, VSAM/GDG metadata, CTL/CSD, docs. Controlled evidence vault, source completeness score, unknowns list, and traceable transformation inputs. Stops debates about whether the discovery is complete enough to draw or fund the target state.
Delivery cadence Weekly review across AWS/HPS delivery, biweekly steering committee, status reports, feedback, steering report, decision log. Governed modernization operating rhythm with decisions, risks, actions, and evidence freshness. Gives leadership a visible mechanism to control cost, risk, and scope drift.
Discovery to wave factory

AWS discovery outputs become WHPS migration waves only after traceability, parity, and retirement gates exist.

The modernization factory uses AI-accelerated analysis to create evidence faster, not to bypass certification. Every candidate wave must show source coverage, dependency ownership, source-of-record rules, data parity, security controls, test replay, rollback, support ownership, and a decommission condition.

L2 workflow

AWS Transform discovery to WHPS migration wave factory

flowchart LR
  SRC["Native source intake
COBOL, copybooks, JCL, PROC, CTL, FTP cards, DB2 DDL, stored procs"]
  RUN["Runtime evidence
SMF, scheduler, batch windows, MQ/MQFTE, APIs, files, support incidents"]
  MRA["MRA workshops
business value, people, governance, platform, security, operations"]
  ANALYZE["AI-assisted analysis
call graph, data graph, business rules, interface graph, unsupported patterns"]
  CAND["Candidate domain backlog
billing, broker, commissions, enrollment, recon, data warehouse, audit letters, rating"]
  SCORE{"Wave score
value, coupling, data risk, batch risk, security, owner readiness"}
  W0["Wave 0 controls
facade, evidence vault, replay harness, IAM, logging, rollback"]
  W1["Wave candidate
read-only inquiry, reporting, document/notice, recon, billing batch, enrollment write"]
  PARITY["Parity gates
contract tests, data checksums, EDI/file replay, output variance, SLOs"]
  CUT["Cutover decision
CAB, business owner, security, ops, finance approval"]
  RETIRE["Decommission ledger
jobs, feeds, certs, accounts, licenses, contracts, savings"]
  SRC --> ANALYZE
  RUN --> ANALYZE
  MRA --> CAND
  ANALYZE --> CAND
  CAND --> SCORE
  SCORE -->|not ready| MRA
  SCORE -->|ready| W0
  W0 --> W1 --> PARITY --> CUT --> RETIRE
Candidate wave type Why it may be sequenced there Minimum evidence before cutover Retirement proof
Read-only inquiry and service views Lower write risk; useful for ServiceLink Portal and Contact Center AI 360-degree context. Data lineage, read parity, role policy, PHI logging, SLA baseline, fallback path. Legacy inquiry consumers closed or routed through facade with monitoring.
Reporting, DataLink, reconciliation, and audit-letter views Provides value without immediately moving transaction ownership; exposes lineage and control-total gaps early. Certified data product, source/target counts, reconciliation exceptions, report signoff. Redundant extracts, manual spreadsheets, and stale report jobs retired.
Documents, notices, communication events Communication Engine and document flows are operationally visible and can prove event governance. Template owner, event schema, delivery status, suppression rules, print vendor path, audit trace. Legacy notice job or manual print routing closed with vendor confirmation.
Billing batch and reconciliation High value but sensitive due to dunning, grace periods, APTC, refunds, cash splitting, and payment posting. Batch replay, financial control totals, exception workflow, rollback owner, finance approval. JCL/jobs, datasets, feeds, and operational procedures retired and value ledger updated.
Enrollment and policy write ownership Highest business and compliance impact; should follow facade, data, and operations maturity. Contract tests, CMS/FFM and carrier flow parity, EDI acknowledgments, DB2 lineage, manual fallback, security approval. No active legacy write consumers; audit trail, support model, and savings captured.
Migration strategy

Use a controlled modernization factory instead of a rewrite program.

The migration factory converts the mainframe estate into a scored dependency graph, assigns each capability a disposition, moves traffic through a coexistence layer, and closes the loop with decommission evidence.

Inventory

Build the technical truth model.

Analyze COBOL, copybooks, JCL, scheduler jobs, CICS transactions, Db2/VSAM stores, files, screens, and consumers.

  • Static and runtime analysis
  • Batch calendar and SLO map
  • Interface ownership ledger
Disposition

Assign the right modernization path.

Retain temporarily, encapsulate, rehost, replatform, rewrite, replace, archive, or retire based on business value and coupling.

  • Capability value scoring
  • Complexity and coupling score
  • Regulatory and data risk score
Coexistence

Protect consumers while domains move.

Route traffic through versioned APIs and events so portals, Contact Center AI, batch, and reporting consume stable contracts.

  • Anti-corruption facade
  • Contract and replay tests
  • Weighted routing and rollback
Retirement

Make decommission a release deliverable.

Close jobs, feeds, datasets, accounts, operations procedures, Ensono dependencies, licenses, and archive obligations.

  • Consumer-zero evidence
  • Finance linkage
  • Operations signoff
Wave design How migration waves are formed.

Waves are formed around bounded business domains, runtime dependency clusters, data ownership, batch windows, consumer impact, and readiness of target platform services. The right first waves are high-value, low-coupling domains that can prove the factory without destabilizing critical servicing.

Data strategy How target data becomes trusted.

Data migration uses profiling, canonical mapping, initial load, CDC or scheduled deltas, checksums, field-level reconciliation, exception replay, and parallel-run variance thresholds. Target data is not trusted for production write ownership until parity and support gates pass.

Modernization guardrails What prevents carrying technical debt forward.

The program does not translate old structures blindly. It rebuilds target domains around product requirements, service APIs, event contracts, observability, IAM, runbooks, test replay, and support ownership, using legacy behavior as a validation baseline rather than the target design.

Diagram depth levels

Mainframe migration views from workload disposition to cutover state control.

These views are designed for engineers and migration leads: they separate strategic disposition, hybrid target architecture, data migration mechanics, and the operational cutover state machine.

L0 disposition

Workload disposition decision tree

flowchart LR
  INV["Inventory COBOL JCL CICS IMS Db2 VSAM files"] --> MAP["Dependency graph and business owner map"]
  MAP --> CRIT{"Business critical and actively used?"}
  CRIT -->|No| RETIRE["Retire or archive"]
  CRIT -->|Yes| COUP{"High coupling or hidden rules?"}
  COUP -->|High| ENC["Encapsulate behind facade"]
  COUP -->|Moderate| REPLAT["Replatform by bounded domain"]
  COUP -->|Low| REHOST["Rehost or replace"]
  ENC --> STRANGLE["Strangler wave plan"]
  REPLAT --> STRANGLE
  REHOST --> STRANGLE
  STRANGLE --> DUAL["Dual run and parity proof"]
  DUAL --> DECOM["Decommission ledger"]
L1 hybrid

Strangler architecture with anti-corruption layer

flowchart TB
  subgraph Consumers["Consumers"]
    BROKER["BrokerLink Portal"]
    GROUP["GroupLink Portal"]
    CALL["Contact center"]
    BATCHC["Batch consumers"]
  end
  subgraph Facade["Facade"]
    API["Versioned APIs"]
    EVT["Domain events"]
    CANARY["Weighted routing"]
    CONTRACT["Contract tests"]
  end
  subgraph Legacy["Mainframe estate"]
    CICS["CICS transactions"]
    COBOL["COBOL services"]
    JCL["JCL batch"]
    DB2["Db2 VSAM files"]
  end
  subgraph Cloud["Cloud domains"]
    SVC["Domain services"]
    DB["Managed data stores"]
    BUS["Event bus"]
    OBS["Observability IAM secrets"]
  end
  BROKER --> API
  GROUP --> API
  CALL --> API
  BATCHC --> EVT
  API --> CANARY
  CANARY --> CICS
  CANARY --> SVC
  EVT --> JCL
  EVT --> BUS
  CONTRACT --> CICS
  CONTRACT --> SVC
  DB2 --> DB
  SVC --> DB
  SVC --> BUS
  OBS --> API
  OBS --> SVC
L2 data flow

Data migration and reconciliation pipeline

flowchart LR
  SRC["Db2 VSAM flat files"] --> PROF["Profile encoding keys nulls packed decimals"]
  PROF --> MAP["Canonical schema mapping"]
  MAP --> LOAD["Initial full load"]
  SRC --> CDC["CDC or scheduled delta extract"]
  LOAD --> LAND["Landing zone"]
  CDC --> LAND
  LAND --> TRANS["Transform validate enrich"]
  TRANS --> TGT["Target managed store"]
  SRC --> CHECK["Source counts and checksums"]
  TGT --> CHECK2["Target counts and checksums"]
  CHECK --> REC["Reconciliation engine"]
  CHECK2 --> REC
  REC -->|Pass| PAR["Parallel run ready"]
  REC -->|Fail| EXC["Exception queue and replay"]
  EXC --> MAP
  PAR --> CUT["Cutover candidate"]
L3 cutover

Migration wave state machine

stateDiagram-v2
  [*] --> WaveIntake
  WaveIntake --> DiscoveryComplete: inventory and owner signoff
  DiscoveryComplete --> FacadeReady: contracts and routing in place
  FacadeReady --> DataSynced: initial load and deltas clean
  DataSynced --> ParallelRun: replay and dual execution
  ParallelRun --> Canary: output parity and SLO baseline pass
  Canary --> Cutover: CAB and business approval
  Canary --> Rollback: SLO parity or support failure
  Rollback --> ParallelRun
  Cutover --> Stabilize
  Stabilize --> Decommission: no active legacy consumers
  Decommission --> SavingsCaptured: jobs licenses feeds access closed
  SavingsCaptured --> [*]
Migration methodology

Dependency graph to disposition to migration wave.

The modernization plan starts by making the estate visible. Programs, copybooks, schedulers, screens, files, tables, MQ/file feeds, consumers, and runtime volumes are turned into a dependency graph that drives the replatform, rewrite, or decommission decision.

Mainframe dependency graph to migration wave factory AWS Transform-style analysis plus WHPS disposition categories, certification, and decommission proof. Inventory inputs Code COBOL, copybooks. Batch JCL, CA7, Control-M. Data Db2, VSAM, files. Consumers Dependency graph Pgm Db2 Job Feed Edges show call, data, batch, file, screen, and consumer dependency. Disposition decision Replatform Batch payment, month-end. Rewrite Eligibility, letters, APIs. Decommission Reports, extracts, orphans. Wave gates Facade Data sync Dual run Cutover Exit proof Jobs Feeds Access Cost WHPS-specific controls: 3+ month parallel run, Ensono exit dependency, DB2 Data Catalyst, AWS Transform analysis, migration ledger, and finance-verified retirement.
Replatform candidates
  • Batch payment cycles, month-end premium, high-volume operational COBOL.
  • Target pattern: equivalent compute plus target data store and parity certification.
Rewrite candidates
  • Eligibility and enrollment reconciliation, letter/document generation, scheduler-driven workflows.
  • Target pattern: domain service, API/event contracts, and functional replay tests.
Decommission candidates
  • Legacy reporting, outdated extracts, orphan workflows, unused screens, duplicate data feeds.
  • Target pattern: archive proof, consumer-zero evidence, CMDB and license closure.
Certification rule
  • No write ownership transfer until replay, reconciliation, performance, support, and rollback gates pass.
  • MIPS and vendor savings are counted only after compute and dependency retirement.
Deep migration architecture

Mainframe source estate, coexistence layer, target platform, and decommission path.

This diagram shows the real migration mechanics: dependency analysis drives wave boundaries, an anti-corruption layer protects consumers, replicated data is reconciled, and cutover happens only after dual-run evidence.

Mainframe migration reference architecture Incremental strangler modernization with dependency graphing, data reconciliation, dual run, rollback, and decommission evidence. Current z/OS estate CICS online tran IMS screen/API COBOL rules/calls JCL batch/jobs Db2 tables VSAM files Hidden coupling Copybooks, shared subprograms, batch windows, MQ/file feeds. Activity baseline SMF, scheduler, volume, SLOs. Assessment graph Static analysis Call trees, copybooks, schemas, datasets. Runtime analysis SMF, tran volume, batch duration, consumer usage. Domain grouping Bounded contexts and wave dependency scoring. Disposition Retain, encapsulate, replatform, retire. Coexistence and migration layer Anti-corruption facade Versioned APIs/events normalize legacy contracts for consumers. CDC Delta capture where viable Batch Extract/load file parity Reconciliation engine Counts, checksums, field parity, exception queue, retry state. Rollback control Route back, reverse log, runbook. Target cloud platform APIs REST/events Services domains Data managed DB Events stream/bus Observability and IAM Tracing, logs, secrets, access, cost, SLO, incident telemetry. Decommission ledger Jobs, feeds, licenses, access, contracts, archive validation. rollback path remains active until dual-run variance, performance, and support readiness meet the cutover threshold
Cutover control flow Each wave moves through evidence gates before traffic or write ownership changes. 1. Capture Production events, batch cycles, jobs, files, APIs. output: replay set 2. Replicate Initial load, CDC, batch extract, schema map. output: target data 3. Reconcile Counts, checksums, field parity, exceptions. gate: data clean 4. Dual run Replay events to legacy and target in parallel. gate: output parity 5. Canary Move bounded traffic, watch SLO and defects. gate: support ready 6. Cutover Route ownership, close legacy write path. output: release record Cutover control tower CAB approval, owner signoff, production smoke tests, rollback owner, communication plan, incident bridge, and support readiness. No wave exits until retirement tasks are assigned to named owners with due dates and finance linkage. rollback trigger: SLO breach, data drift, parity variance, unresolved defect, or support readiness failure
Transformation posture

Define the future platform from business outcomes, then use legacy selectively for validation.

The newly ingested mainframe-to-AI-native strategy sharpens the message: the target is not a COBOL translation program and not a cloud copy of old technical debt. WHPS defines the future ServiceLink Portal, BrokerLink Portal, GroupLink Portal, Contact Center AI, membership management, data, and operations model first. Legacy systems become reference systems, validation systems, migration sources, and reconciliation baselines during transition.

Legacy-led pattern to avoid WHPS target posture Evidence produced Decision gate
Translate COBOL into a modern language and carry forward old structures. Rebuild capabilities around product, domain, API, event, data, and operating requirements. Capability map, service contract, target architecture ADR, value case. Architecture intake
Spend months documenting every program before useful delivery begins. Build target slices in parallel while using targeted discovery for rules, data, dependencies, and edge cases. Discovery register, rule-confirmation log, golden transaction set. Wave planning
Move batch windows and point-to-point files unchanged into cloud infrastructure. Redesign operational data movement with APIs, events, streaming, reconciliation, exception queues, and observability. Event catalog, data lineage, reconciliation scorecard, SLO baseline. Dual run
Let legacy architecture dictate future process design. Use legacy only to validate completeness, confirm hidden rules, migrate data, and protect continuity. Parity report, SME signoff, migration runbook, residual-risk record. Cutover
Define Business capability target

Future-state product workflows, member outcomes, operations, compliance, and platform services drive design.

Build Cloud-native slices

Create domain services, APIs, events, data products, tests, and evidence while legacy discovery continues.

Discover Targeted legacy facts

Extract business rules, dependencies, data lineage, batch timing, interface contracts, and edge cases.

Validate Parallel comparison

Replay golden scenarios, reconcile outputs, verify performance, prove rollback, and capture audit evidence.

Expand Progressive decommission

Increase target ownership by domain until jobs, interfaces, databases, access, and run costs are retired.

Target architecture

AI-native target migration control plane.

Coexistence is transitional, not the destination. Mainframe remains the source for selected domains only while APIs, events, data replication, observability, reconciliation, and new services progressively absorb workload ownership and prepare each dependency for retirement.

Source to target

Mainframe estate to cloud services

Designed around tightly coupled COBOL, JCL, CICS, IMS, Db2, VSAM, schedulers, file feeds, security profiles, and downstream consumers.

Source estate
COBOL, CICS, IMS Online transactions, screen flows, subprogram calls, maps, commarea payloads.
JCL and scheduler Batch windows, restart logic, dataset dependencies, file transfers.
Assessment graph
Dependency map Programs, copybooks, data stores, jobs, queues, reports, consumers, owners.
Disposition model Retain, encapsulate, rehost, replatform, refactor, rewrite, replace, retire.
Coexistence layer
Anti-corruption facade Versioned APIs and events shield consumers from legacy contracts.
Data replication Initial load, CDC where feasible, batch extracts, reconciliation, exception queues.
Target platform
Cloud services Containers, managed databases, object storage, secrets, IAM, observability.
Modern integration API gateway, event bus, service contracts, test harness, CI/CD.
Cutover and retire
Dual run certification Golden transaction replay, output comparison, batch parity, performance baseline.
Decommission ledger Remove jobs, interfaces, licenses, access, retained data, and vendor run cost.
Wave factory

Migration waves ordered by risk and coupling.

Reporting and read-only access move first. Highly coupled transactional cores move after facade, data, test, and rollback controls are proven.

Wave 0 Assess and mobilize

Inventory source estate, build graph, stand up landing zone, CI/CD, test harness, network, IAM.

Wave 1 Read-only strangler

Expose inquiry APIs and reporting paths. Keep mainframe as source of record.

Wave 2 Low-coupling domains

Move bounded functions with limited shared programs and clear rollback path.

Wave 3 Batch orchestration

Move schedulers, file exchanges, restart logic, and reconciliation reporting.

Wave 4 Write ownership

Transfer source-of-record ownership by domain after dual-run certification.

Wave 5 Retire and optimize

Archive, decommission, remove licenses, reduce run cost, and update operating model.

AI-assisted modernization

Use AI to accelerate analysis, not to bypass certification.

AI can parse legacy assets, draft documentation, infer dependencies, propose wave plans, generate tests, and transform code. Human review and golden-master validation remain mandatory.

AI modernization pipeline Human approved
Ingest COBOL, JCL, copybooks

Load code, schemas, jobs, logs, screens, data maps, and owner metadata.

Analyze Domain graph

Extract call trees, data lineage, shared components, transaction families.

Generate Docs and tests

Create specs, golden transactions, parity checks, and migration backlog.

Review SME approval

Approve transformed code, domain boundaries, tests, and release gates.

Certification controls Cutover evidence
Dependency graph complete
72%
Golden transaction parity
64%
Data reconciliation clean
58%
Rollback drill passed
46%

Numbers represent illustrative readiness signals, not production telemetry.

Risk and control matrix

What must be controlled before any cutover.

These controls prevent the migration from becoming a documentation-heavy big-bang program with stale analysis and limited rollback options.

Risk Control Evidence Gate
Hidden business rules and shared subprograms Static analysis, runtime analysis, SME validation, domain graph. Call tree, data lineage, owner signoff, dependency exceptions. Wave intake
Transformed code is semantically wrong Golden-master tests, replay tests, code review, functional equivalence review. Test output, diff report, SME approval, residual-risk record. Certification
Data drift during coexistence CDC/batch replication strategy, source-of-truth rules, reconciliation. Record counts, checksum reports, exception queue, retry log. Dual run
Batch window or latency regression SMF/job baseline, stress testing, capacity model, operational SLOs. Performance report, batch timeline, failure recovery drill. Cutover
Decommission never happens Retirement ledger tied to jobs, interfaces, data, licenses, contracts, owners. Closed job list, access removal, archive validation, savings ledger. Exit
Sources

Modernization references used for this blueprint.

Primary source material emphasizes incremental waves, anti-corruption layers, strangler modernization, testing, coexistence, and explicit cutover control.

AWS Transform for mainframe AWS Transform user guide AWS mainframe decomposition AWS decoupling patterns AWS strangler fig pattern AWS anti-corruption layer AWS data replication strategy AWS cutover runbook