Symptoms:
- Diagrams list servers, IPs, and VNets, but no actionable steps for Azure RBAC, PIM, or Entra group creation.
- The access-setup team can’t translate static topology into identity and role assignments.
- Design deliverables stop at infrastructure layers, leaving identity, security, and automation implicit.
๐งฉ The Missing Bridge: Implementation Mapping (WHAT → HOW)
DEFINITION: What’s really missing: A translational layer between the “physical design” (WHAT) and the “implementation procedure” (HOW).
What’s really missing: The Missing Link: bridging the WHAT and the HOW since time immemorial (or at least since the last design review). The quest: Somewhere between the "physical design" (WHAT) and the "implementation procedure" (HOW) lies a semi-mythical construct known to project managers as "the missing spec". It speaks all languages, but none fluently.
Static Topology to Dynamic Procedure
The WSxx structure runs cleanly from governance to go-live and beyond.
WS01–WS05 are about making sure the ground is solid;
WS06–WS09 are where the data and reporting magic happens;
WS10–WS12 are delivery, testing, and handover.
The Implementation Translation Layer (ITL) sits in WS01 — bridging the “what” of design and the “how” of implementation so no one is left guessing.
Programme Work Streams (WS00โWS12)
opening one WS closes the others. WS00 starts open.
| Description | Sets the programme up properly โ ownership, cadence, RAID, reporting, and a common language across teams. |
|---|---|
| Key Deliverables | PID โข Governance Framework โข RAID Log โข RACI Matrix โข Delivery Calendar |
| Candidate Roles & Skills | Programme Manager โ planning, steering, risk PMO Lead โ cadence, reporting, tooling Change Analyst โ comms, impact mapping |
| Student Hook | Like organising a huge school project so everyone knows their job and no one forgets homework. |
| Scenario | Before any migration, PMO sets up templates, channels, and weekly stand-ups so every WS works the same way. |
| Description | Builds the Azure foundations โ environments, permissions, Entra groups, certs, connectivity. Produces the Implementation Translation Layer (ITL). |
|---|---|
| Key Deliverables | Environment Build Checklist โข ITL (WHATโHOW) โข Access Matrix โข Certificate Register |
| Candidate Roles & Skills | Solution Architect โ landing zones, standards Azure Engineer โ RBAC, subscriptions, policy IDAM Specialist โ Entra, PIM, Conditional Access |
| Student Hook | Making sure everyoneโs got the right keys to the right rooms โ not everyone gets the master key. |
| Scenario | Dev/SIT/UAT built with group-based access; ITL says exactly how to request, approve, and assign roles. |
| Description | Connectivity between tenants, routing, DNS, ExpressRoute, private endpoints, and firewalls. |
|---|---|
| Key Deliverables | Network Design Pack โข Firewall & Routing Config โข Connectivity Test Plan |
| Candidate Roles & Skills | Network Engineer โ IP, subnets, BGP Security Engineer โ firewall rules, IDS Infra Architect โ topology, resilience |
| Student Hook | Wiring up all the computers so messages know where to go. |
| Scenario | Firewall rules allow Dynamics (Serco) to reach SQL pool (Capita) for controlled test loads. |
| Description | Target apps (Dynamics, SharePoint, Power Platform) are patched, licensed, configured, and ready to integrate. |
|---|---|
| Key Deliverables | Application Readiness Report โข Endpoint Register โข Integration Access Plan |
| Candidate Roles & Skills | App Owner โ configs, licensing Technical Lead โ plugins, connectors Release Manager โ gates, approvals |
| Student Hook | Making sure the toys work before the game starts. |
| Scenario | Power Platform connectors validated; known plug-ins smoke-tested in UAT. |
| Description | Defines secure data exchange โ APIs, Logic Apps, KingswaySoft pipelines โ with CI/CD and secrets. |
|---|---|
| Key Deliverables | Integration Design Document โข API Catalogue โข Connection & Secret Register |
| Candidate Roles & Skills | Integration Architect โ patterns, contracts API Developer โ REST, OAuth2 DevOps Engineer โ pipelines, IaC |
| Student Hook | Building pipes that let different machines talk without shouting. |
| Scenario | Logic App posts nightly updates from Dynamics to Synapse; secrets stored in Key Vault. |
| Description | Enforces BBC InfoSec and UK GDPR: Entra, Conditional Access, PIM, audit, key rotations. |
|---|---|
| Key Deliverables | Security Architecture โข IDAM Build Book โข Compliance Statement โข RBAC Mapping |
| Candidate Roles & Skills | Security Architect โ policy, controls Compliance Officer โ GDPR, DPIA IDAM Engineer โ PIM, CA, audits |
| Student Hook | Setting the rules so no one sneaks into the sweet shop. |
| Scenario | MFA required for admins; PIM used for just-in-time elevation; logs sent to SIEM. |
| Description | Moves data cleanly and provably: extract, transform, load, reconcile, evidence. |
|---|---|
| Key Deliverables | Data Migration Strategy โข Entity Mapping โข Reconciliation Logs โข Migration Runbook |
| Candidate Roles & Skills | Data Architect โ design, lineage ETL Developer โ SSIS, Python, SQL Test Analyst โ data QA, counts |
| Student Hook | Like moving toys from one box to another without losing any pieces. |
| Scenario | Legacy SQL โ staging โ Dataverse; counts checked at each hop; exceptions logged and fixed. |
| Description | Masks/pseudonymises production data for safe non-prod testing while keeping realism. |
|---|---|
| Key Deliverables | Concealment Rules Catalogue โข Algorithm Register โข KingswaySoft Pipeline Spec |
| Candidate Roles & Skills | Data Engineer โ hashing, tokenisation Data Privacy Officer โ policy, risk Security Architect โ key mgmt, KMS |
| Student Hook | Changing real names into made-up ones so testers can play safely. |
| Scenario | Names and postcodes swapped with deterministic fakes; audit shows what changed (not who). |
| Description | Rebuilds reporting: Synapse, models, Power BI; validates meaning and performance. |
|---|---|
| Key Deliverables | BI Design Pack โข Dataset Catalogue โข Visual Validation Log |
| Candidate Roles & Skills | BI Architect โ modelling, governance Data Modeller โ star, SCD Power BI Dev โ DAX, visuals |
| Student Hook | Drawing pictures that tell the story of whatโs happening. |
| Scenario | Legacy KPIs rebuilt in Power BI; refresh via pipelines; numbers reconcile to finance baseline. |
| Description | Migrates and republishes SSRS RDLs; updates data sources; aligns permissions. |
|---|---|
| Key Deliverables | RDL Inventory โข Publishing Runbook โข Verification Checklist |
| Candidate Roles & Skills | Report Developer โ RDL, datasets DBA โ connections, performance Release Manager โ scheduling |
| Student Hook | Copying old drawings onto new paper without smudging them. |
| Scenario | Finance RDLs re-pointed to Synapse SQL; shared data sources; folder-level RBAC applied. |
| Description | Builds the playbook for go-live: sequence, timing, checkpoints, rollback. Proves it end-to-end. |
|---|---|
| Key Deliverables | Cutover Plan โข Dress Rehearsal Report โข Issue Log |
| Candidate Roles & Skills | Cutover Manager โ choreography Release Lead โ gates, comms Tech Leads โ scripts, rollback |
| Student Hook | Practising the big show before opening night. |
| Scenario | Full trial run with checkpoints and a timed rollback drill; lessons logged into the plan. |
| Description | Runs SIT, UAT, NF testing; proves systems and data behave; defects tracked and closed. |
|---|---|
| Key Deliverables | Test Plan โข Test Scripts โข Defect Log โข QA Sign-off |
| Candidate Roles & Skills | Test Manager โ strategy, cycles Data QA Analyst โ reconciliations Business Tester โ acceptance |
| Student Hook | Checking your homework before handing it in. |
| Scenario | UAT verifies contacts in Dynamics, reconciles row counts and key KPIs to legacy. |
| Description | Stabilises after go-live, resolves issues, hands over to BAU with documentation and KT. |
|---|---|
| Key Deliverables | Hypercare Plan โข Transition Checklist โข Knowledge Transfer Pack |
| Candidate Roles & Skills | Service Transition Lead โ ITIL, KT Support Engineer โ monitoring, fixes Knowledge Manager โ runbooks |
| Student Hook | Making sure the new toy keeps working after Christmas morning. |
| Scenario | Runbooks handed to BAU; job runs monitored; user tickets triaged and closed within SLOs. |