// Cloud migration · discovery & assessment

We draw your infrastructure before we move it.

Nobody fully knows what's running in their data center. Read-only collectors, nothing installed, and in about four hours you get the real picture: every server, service, port and dependency, mapped, plus a 7R decision per workload, a target architecture and a sequenced plan.

READ-ONLY/ZERO INSTALL/DATA STAYS UNDER YOUR CONTROL →

ON-PREM · AS FOUND WAVE 1 · REHOST WAVE 2 · REPLATFORM WAVE 3 · REFACTOR web-01:443 · rehost api-02 cache-01:6379 · replatform queue billing-db:5432 · refactor
Example map. Yours is generated from your own read-only scan.
Read-only collectors, no agents installed You review the output, you decide what's shared Every finding, traced to a line of your data Output mapped to AWS CAF & MRA

Built with design partners migrating production estates. Here's exactly what leaves your network.

// 01 · The problem

Most migrations start with a spreadsheet that's already wrong.

The forgotten cron job. The service three other services quietly depend on. The static /etc/hosts entry nobody remembers. Manual discovery takes weeks, the CMDB is stale the day it's written, and the plan gets built on guesses. Miss one dependency and the cutover fails.

The problem isn't your team. It's guesswork, and guesswork is discoverable.

300%
VMWARE LICENSING INCREASE UNDER BROADCOM

Up past 1,000% in AT&T's lawsuit against Broadcom. 74% of IT leaders are now evaluating alternatives, and every one of them needs to know what they actually run first. (Sources: industry reporting, 2024; AT&T v. Broadcom filing, 2024; Gartner Peer Community poll.)

// 02 · How it works

Four steps. No magic, no black box.

One continuous line from raw infrastructure to a plan your team can defend.

01

Read-only scan

Your team runs one command to start a scoped, read-only enumeration through agentless collectors. Nothing is installed, nothing is changed.

host :port service · enumerated, never touched
02

Dependency map

The collectors' text output becomes a complete graph: every server, service, port and dependency, with each edge traced to the exact line it came from.

web-01 :443 → api-02 :8080 → billing-db :5432
03

7R analysis

AI agents give each workload a complexity and dependency score and a 7R disposition (rehost, replatform, refactor, repurchase, relocate, retain or retire), with the reasoning attached, not an opinion.

cache-01 replatform ElastiCache · confidence shown
04

Target architecture + sequenced plan

A target design (VPC, subnets, managed services) and the migration in ordered waves, plus a CTO briefing your leadership can defend in a board room.

Wave 1 Wave 2 Wave 3 · dependencies respected
// 03 · What you get

Four artifacts. Every claim carries its evidence.

01 · THE MAP

Current state

Every server, service, port and dependency from a read-only scan, each traced to the line it came from.

02 · THE DECISION

7R per workload

A disposition for every workload, with the reasoning and a confidence score, defensible in a review.

03 · THE DESIGN

Target architecture

VPC, subnets and managed services on your target cloud, ready for IT and security to sign off.

04 · THE PLAN

Sequenced waves + briefing

The order, the dependencies, the risks, and a CTO briefing in one link.

SHEET 02 · TARGET ARCHrev. A · example
ON-PREMAWS · TARGET web / app redis postgres EC2 · Auto Scaling ElastiCache RDS · Multi-AZ → managed, Multi-AZ, right-sized
7R DISPOSITION · EXAMPLE ESTATE
WorkloadDispositionConfidence
web-01Rehost92%
cache-01Replatform80%
billing-dbRefactor64%
legacy-erpRetire71%
+ why billing-db is Refactor, not Rehost

Hardcoded IP coupling to two upstream services and a stateful on-host volume make a lift-and-shift fragile. Refactor to managed Postgres with connection strings resolved at cutover. Every claim links to the scanned line.

// 04 · Read-only, zero install

One command to start. Nothing left behind.

Discovery is never one magic line, but it starts with one. A scoped, read-only enumeration through agentless collectors. No daemon, no agent, nothing to patch, uninstall or explain to your security team afterward.

Exactly what this reads, and what leaves your network

// 05 · Where your data goes

The deliverable is a map of your estate. Here's exactly how it's handled.

A discovery report is a sensitive artifact, so we treat it like one. This is the whole path, not a badge.

01 · COLLECT
Read-only, in your network

Agentless collectors enumerate hosts, ports and dependencies. No writes, no config changes, least-privilege scope.

02 · REVIEW
You approve the output

The collectors produce plain-text files. Your team reads them and decides what to share.

03 · ANALYZE
Metadata only, encrypted

Only the inventory you approve (hostnames, ports, the dependency graph) is analyzed. Encrypted in transit and at rest.

04 · STORE
Kept for the engagement

Retained only as long as the assessment needs it, under access controls, in your chosen region.

05 · DELETE
Removed on request

Deleted on request and at the end of the engagement. Terms fixed in the DPA.

What never leaves your network: application data, database contents, secrets, credentials, and files at rest. We map the shape of your estate, not its contents. Residency, retention window and deletion terms are set per engagement and documented in the DPA, including in-country processing for Brazil / LGPD.
// 06 · The outcome

A readiness call your CTO can defend.

Instead of a slide deck of confidence, you get a scored, sourced picture: what's ready to move, what needs work first, and the exact dependencies that decide the order.

82%
MIGRATION READINESS

Example score. 7 of 34 items flagged for validation before Wave 1.

// 07 · For consultancies & SIs

A technical execution arm you put your own name on.

You own the client and the relationship. Praesto produces the discovery and assessment behind it: the map, the 7R strategy, the target architecture and the briefing, white-labeled or co-branded, delivered in hours. We replace the guesswork, not your people.

Become a delivery partner

Output maps to the frameworks your reviewers already trust. Target cloud is your call, the approach is cloud-agnostic.

// 08 · Straight answers

What your committee will ask.

Do you install anything on our servers?

No. Read-only, agentless collectors. There's no agent and no daemon, and nothing to patch or uninstall afterward. You run one command to start a scoped enumeration, review the text output, and decide what's shared.

Where does the resulting map go, and how long do you keep it?

Only the inventory you approve is analyzed: hostnames, ports, the dependency graph. Never your data, secrets or credentials. It's encrypted, kept only for the engagement in your chosen region, and deleted on request. The full path is in the Where your data goes section, and the terms are fixed in the DPA (including LGPD in-country processing for Brazil).

It's AI. How do I know it isn't making things up?

Every finding traces line-by-line to your source files, so you can check any claim against the raw data. Confidence is shown with its reasoning, and what couldn't be determined is listed explicitly instead of guessed. High-impact calls are reviewed by an engineer before they ship.

Are we locked into one cloud?

No. The 7R output is provider-neutral and mapped to AWS CAF and the Migration Readiness Assessment so it's familiar to your reviewers. Target cloud is your decision.

How is this different from a consulting assessment?

Same auditable deliverable a good SI would produce, from evidence instead of interviews, in about four hours instead of weeks. We attack the guesswork, not the consultants. In fact, we power some of them (see Partners).

This is not for you if…

…you want a lift-and-shift with no analysis, or a rubber-stamp for a decision already made. Praesto exists to find the things a spreadsheet misses. If you don't want them found, we're the wrong tool.

// Get the map

See what's actually running before you move it.

One read-only scan. A current state you can trust, a 7R call per workload, a target architecture and a sequenced plan, in about four hours, with the evidence attached.

READ-ONLY/NO INSTALL

We reply within one business day. No spam.