Symptoms:
- Diagrams list servers, IPs, and VNets, but no actionable steps for Azure RBAC, PIM, or Entra group creation.
- The access-setup team can’t translate static topology into identity and role assignments.
- Design deliverables stop at infrastructure layers, leaving identity, security, and automation implicit.
๐งฉ The Missing Bridge: Implementation Mapping (WHAT → HOW)
DEFINITION: What’s really missing: A translational layer between the “physical design” (WHAT) and the “implementation procedure” (HOW).
What’s really missing: The Missing Link: bridging the WHAT and the HOW since time immemorial (or at least since the last design review). The quest: Somewhere between the "physical design" (WHAT) and the "implementation procedure" (HOW) lies a semi-mythical construct known to project managers as "the missing spec". It speaks all languages, but none fluently.
Static Topology 2 Dynamic Procedure
The WSxx structure runs cleanly from governance to go-live and beyond.
WS01–WS05 are about making sure the ground is solid;
WS06–WS09 are where the data and reporting magic happens;
WS10–WS12 are delivery, testing, and handover.
The Implementation Translation Layer (ITL) sits in WS01 — bridging the “what” of design and the “how” of implementation so no one is left guessing.
Programme Work Streams (WS00โWS12)
Script-free accordion: opening one WS closes the others. WS00 starts open.
| Description | Sets the programme up properly โ ownership, cadence, RAID, reporting, and a common language across teams. |
|---|---|
| Key Deliverables | PID โข Governance Framework โข RAID Log โข RACI Matrix โข Delivery Calendar |
| Candidate Roles & Skills | Programme Manager โ planning, steering, risk PMO Lead โ cadence, reporting, tooling Change Analyst โ comms, impact mapping |
| Student Hook | Like organising a huge school project so everyone knows their job and no one forgets homework. |
| Scenario | Before any migration, PMO sets up templates, channels, and weekly stand-ups so every WS works the same way. |
| Description | Builds the Azure foundations โ environments, permissions, Entra groups, certs, connectivity. Produces the Implementation Translation Layer (ITL). |
|---|---|
| Key Deliverables | Environment Build Checklist โข ITL (WHATโHOW) โข Access Matrix โข Certificate Register |
| Candidate Roles & Skills | Solution Architect โ landing zones, standards Azure Engineer โ RBAC, subscriptions, policy IDAM Specialist โ Entra, PIM, Conditional Access |
| Student Hook | Making sure everyoneโs got the right keys to the right rooms โ not everyone gets the master key. |
| Scenario | Dev/SIT/UAT built with group-based access; ITL says exactly how to request, approve, and assign roles. |
| Description | Connectivity between tenants, routing, DNS, ExpressRoute, private endpoints, and firewalls. |
|---|---|
| Key Deliverables | Network Design Pack โข Firewall & Routing Config โข Connectivity Test Plan |
| Candidate Roles & Skills | Network Engineer โ IP, subnets, BGP Security Engineer โ firewall rules, IDS Infra Architect โ topology, resilience |
| Student Hook | Wiring up all the computers so messages know where to go. |
| Scenario | Firewall rules allow Dynamics (Serco) to reach SQL pool (Capita) for controlled test loads. |
| Description | Target apps (Dynamics, SharePoint, Power Platform) are patched, licensed, configured, and ready to integrate. |
|---|---|
| Key Deliverables | Application Readiness Report โข Endpoint Register โข Integration Access Plan |
| Candidate Roles & Skills | App Owner โ configs, licensing Technical Lead โ plugins, connectors Release Manager โ gates, approvals |
| Student Hook | Making sure the toys work before the game starts. |
| Scenario | Power Platform connectors validated; known plug-ins smoke-tested in UAT. |
| Description | Defines secure data exchange โ APIs, Logic Apps, KingswaySoft pipelines โ with CI/CD and secrets. |
|---|---|
| Key Deliverables | Integration Design Document โข API Catalogue โข Connection & Secret Register |
| Candidate Roles & Skills | Integration Architect โ patterns, contracts API Developer โ REST, OAuth2 DevOps Engineer โ pipelines, IaC |
| Student Hook | Building pipes that let different machines talk without shouting. |
| Scenario | Logic App posts nightly updates from Dynamics to Synapse; secrets stored in Key Vault. |
| Description | Enforces BBC InfoSec and UK GDPR: Entra, Conditional Access, PIM, audit, key rotations. |
|---|---|
| Key Deliverables | Security Architecture โข IDAM Build Book โข Compliance Statement โข RBAC Mapping |
| Candidate Roles & Skills | Security Architect โ policy, controls Compliance Officer โ GDPR, DPIA IDAM Engineer โ PIM, CA, audits |
| Student Hook | Setting the rules so no one sneaks into the sweet shop. |
| Scenario | MFA required for admins; PIM used for just-in-time elevation; logs sent to SIEM. |
| Description | Moves data cleanly and provably: extract, transform, load, reconcile, evidence. |
|---|---|
| Key Deliverables | Data Migration Strategy โข Entity Mapping โข Reconciliation Logs โข Migration Runbook |
| Candidate Roles & Skills | Data Architect โ design, lineage ETL Developer โ SSIS, Python, SQL Test Analyst โ data QA, counts |
| Student Hook | Like moving toys from one box to another without losing any pieces. |
| Scenario | Legacy SQL โ staging โ Dataverse; counts checked at each hop; exceptions logged and fixed. |
| Description | Masks/pseudonymises production data for safe non-prod testing while keeping realism. |
|---|---|
| Key Deliverables | Concealment Rules Catalogue โข Algorithm Register โข KingswaySoft Pipeline Spec |
| Candidate Roles & Skills | Data Engineer โ hashing, tokenisation Data Privacy Officer โ policy, risk Security Architect โ key mgmt, KMS |
| Student Hook | Changing real names into made-up ones so testers can play safely. |
| Scenario | Names and postcodes swapped with deterministic fakes; audit shows what changed (not who). |
| Description | Rebuilds reporting: Synapse, models, Power BI; validates meaning and performance. |
|---|---|
| Key Deliverables | BI Design Pack โข Dataset Catalogue โข Visual Validation Log |
| Candidate Roles & Skills | BI Architect โ modelling, governance Data Modeller โ star, SCD Power BI Dev โ DAX, visuals |
| Student Hook | Drawing pictures that tell the story of whatโs happening. |
| Scenario | Legacy KPIs rebuilt in Power BI; refresh via pipelines; numbers reconcile to finance baseline. |
| Description | Migrates and republishes SSRS RDLs; updates data sources; aligns permissions. |
|---|---|
| Key Deliverables | RDL Inventory โข Publishing Runbook โข Verification Checklist |
| Candidate Roles & Skills | Report Developer โ RDL, datasets DBA โ connections, performance Release Manager โ scheduling |
| Student Hook | Copying old drawings onto new paper without smudging them. |
| Scenario | Finance RDLs re-pointed to Synapse SQL; shared data sources; folder-level RBAC applied. |
| Description | Builds the playbook for go-live: sequence, timing, checkpoints, rollback. Proves it end-to-end. |
|---|---|
| Key Deliverables | Cutover Plan โข Dress Rehearsal Report โข Issue Log |
| Candidate Roles & Skills | Cutover Manager โ choreography Release Lead โ gates, comms Tech Leads โ scripts, rollback |
| Student Hook | Practising the big show before opening night. |
| Scenario | Full trial run with checkpoints and a timed rollback drill; lessons logged into the plan. |
| Description | Runs SIT, UAT, NF testing; proves systems and data behave; defects tracked and closed. |
|---|---|
| Key Deliverables | Test Plan โข Test Scripts โข Defect Log โข QA Sign-off |
| Candidate Roles & Skills | Test Manager โ strategy, cycles Data QA Analyst โ reconciliations Business Tester โ acceptance |
| Student Hook | Checking your homework before handing it in. |
| Scenario | UAT verifies contacts in Dynamics, reconciles row counts and key KPIs to legacy. |
| Description | Stabilises after go-live, resolves issues, hands over to BAU with documentation and KT. |
|---|---|
| Key Deliverables | Hypercare Plan โข Transition Checklist โข Knowledge Transfer Pack |
| Candidate Roles & Skills | Service Transition Lead โ ITIL, KT Support Engineer โ monitoring, fixes Knowledge Manager โ runbooks |
| Student Hook | Making sure the new toy keeps working after Christmas morning. |
| Scenario | Runbooks handed to BAU; job runs monitored; user tickets triaged and closed within SLOs. |