OKLAHOMA CITY · MODERNIZATION

Modernize legacy systems without the rewrite-from-scratch trap

SDVOSB software firm working with Tinker depot programs, FAA sustainment, OKC energy operators, and regional insurers. Cloud migration done in 18-36 month arcs, not big-bang rewrites that fail in year two.

Veteran-Owned SDVOSB
[001 / 005] Field Conditions

Most OKC modernization programs stall because someone tried to rewrite everything at once.

// SITUATION

We see the same pattern across Tinker sustainment software, FAA legacy tooling, midstream energy SCADA-adjacent apps, and Oklahoma insurance ERP: a system written in PowerBuilder, VB6, Oracle Forms, or .NET Framework 3.5 has accumulated 15-25 years of business rules nobody fully documented. A vendor proposes a clean-sheet rewrite. Eighteen months in, the new system covers maybe 60% of the rules, the original team has retired, the schedule has slipped twice, and procurement is asking hard questions. Meanwhile the legacy system is still running payroll, depot work orders, or claims.

  • PowerBuilder, VB6, Oracle Forms, or COBOL apps with no surviving original developers and partial documentation
  • Workforce cliff: the two engineers who know the system are within 24 months of retirement
  • Cloud migration blocked by CUI/ITAR data that can't legally land in commercial AWS or Azure
  • Big-bang rewrite contracts at month 14 with 40% scope coverage and no clear path to parity
18-36 mo
typical realistic modernization arc
SDVOSB
set-aside eligible, CAGE registered
GovCloud + IL4
regulated workload landing zones
[002 / 005] Operational Approach

Strangle the legacy. Don't rewrite it from scratch.

  1. STEP-01

    Map the system before touching code

    Two to four weeks on-site or remote: trace data flows, catalog batch jobs, document undocumented business rules from Tinker depot ops or FAA scheduling, identify integration points with Oracle EBS, mainframe screens, and SCADA endpoints. No code changes yet.

  2. STEP-02

    Wrap legacy with an API seam

    Stand up a thin API layer in front of the legacy DB or COBOL/PowerBuilder/VB6 core. New features ship against the API. Old screens keep running. Users feel nothing break. This buys runway for the actual migration.

  3. STEP-03

    Migrate workloads to GovCloud or Azure Gov

    For CUI, ITAR, or CMMC-bound workloads we land in AWS GovCloud or Azure Government. FedRAMP Moderate baseline, IL4/IL5 where required. Commercial AWS for everything that legitimately doesn't need it — we don't over-classify to pad invoices.

  4. STEP-04

    Strangle modules in priority order

    Replace the most painful module first — usually the one blocking an audit or a workforce retirement cliff. Ship every 2-3 weeks. Decommission legacy components only after the replacement has run clean in production for a full quarter.

  5. STEP-05

    Hand off with runbooks and trained staff

    We don't disappear and we don't create dependency. Engineers pair with your team through the arc, leave behind runbooks, IaC in Terraform, CI/CD in GitHub Actions or Azure DevOps, and observability dashboards your people actually understand and own.

// HCL PATTERN 
# Terraform: GovCloud landing zone for a strangled legacy app
# Old PowerBuilder client still talks to RDS Oracle; new API layer in ECS Fargate.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
  backend "s3" {
    bucket = "voostack-tfstate-govcloud"
    region = "us-gov-west-1"
  }
}

provider "aws" {
  region = "us-gov-west-1"
}

module "legacy_db" {
  source         = "./modules/rds-oracle"
  engine_version = "19.0.0.0.ru-2024-04.rur-2024-04.r1"
  instance_class = "db.m6i.2xlarge"
  kms_key_arn    = aws_kms_key.cui.arn
  multi_az       = true
  backup_days    = 35
}

module "api_seam" {
  source       = "./modules/ecs-fargate-api"
  image        = "${aws_ecr_repository.api.repository_url}:${var.api_sha}"
  vpc_id       = module.network.vpc_id
  subnet_ids   = module.network.private_subnet_ids
  legacy_db_sg = module.legacy_db.security_group_id
  fedramp_mode = "moderate"
}

# New features hit module.api_seam. Legacy fat client keeps running
# against module.legacy_db until the relevant module is strangled.

Strangler-pattern landing zone in AWS GovCloud. Legacy DB stays put while a new API seam carries new functionality.

[003 / 005] Common Questions

Field FAQ.

Why not just rewrite the legacy system from scratch?

Because that's how modernization programs die. A 20-year-old depot or claims system has thousands of business rules buried in stored procedures, batch jobs, and the heads of two senior analysts. A clean-sheet rewrite has to rediscover all of them while also building new infrastructure. We use the strangler pattern instead: wrap the legacy system in an API, replace one module at a time, ship working software every few weeks, and decommission old code only after the replacement is proven.

Can you work on Tinker AFB sustainment software as an SDVOSB?

Yes. We're SDVOSB-certified through the SBA Veteran Small Business Certification program, registered in SAM with an active CAGE code, and structured to take prime or sub work on set-aside vehicles. We've worked the realities of long-cycle DoD procurement: ATO timelines, CMMC posture, ITAR-controlled data, and the gap between award and kickoff. We can come in directly or through an existing prime if that's the cleaner path for your contracting shop.

What's the difference between AWS GovCloud and commercial AWS for our workload?

GovCloud is physically separated, staffed by US persons, and authorized for ITAR, CUI, and FedRAMP High data. Commercial AWS handles FedRAMP Moderate and most non-regulated workloads at lower cost and with faster service availability. Honest answer: a lot of OKC organizations get pushed into GovCloud when they don't actually need it. We assess your data classification first and only land in GovCloud or Azure Government IL4/IL5 when the regulation genuinely requires it.

How long does a realistic modernization actually take?

For a system of meaningful size — say, a depot work-order app, a regional insurer's policy admin platform, or an energy operations dashboard tied to field SCADA — plan on 18 to 36 months from kickoff to legacy decommission. The first 90 days is discovery and the API seam. Modules then strangle in priority order. Anyone quoting you six months for a full replacement of a 15-year-old system is either lying or hasn't read the code yet.

Do you work with PowerBuilder, Oracle Forms, or VB6?

Yes, regularly. These stacks dominate Oklahoma's older insurance, energy, and government back-offices. We don't preserve them — we replace them — but you have to read them first to extract the business rules. Our engineers are comfortable spending the first phase of an engagement reverse-engineering a PowerBuilder DataWindow or a VB6 form to figure out what the system actually does before designing the .NET, Java, or TypeScript replacement.

Can you augment our existing internal team rather than take the whole project?

Often that's the right structure. We provide senior engineers — typically 10-20+ years of experience — who embed with your team for 6 to 18 months. They write production code, mentor your junior staff, and leave behind capability rather than dependency. This works especially well when you have institutional knowledge in-house but lack cloud, security, or modern .NET/TypeScript depth. We charge by the engineer, not by seat count games.

How do you handle CMMC and FedRAMP requirements during the migration?

We design for the target compliance posture from day one rather than bolting it on at the end. That means CMMC Level 2 controls baked into the GovCloud landing zone, separation of CUI from non-CUI workloads, IaC that enforces encryption and logging by default, and an audit trail that an assessor can actually follow. We'll work with your existing 3PAO or RPO and produce the SSP artifacts your contracting officer needs.

What happens to our data during the migration?

It stays where it is until we have a tested, reversible cutover plan. We mirror data into the new system, run both in parallel for a defined period, reconcile differences, and only flip authoritative writes after the new path has run clean. For regulated data we document chain of custody, encryption at rest and in transit, and key management explicitly. No 'big weekend cutover' cowboy moves on systems that pay claims or schedule depot work.

Are you actually based in Oklahoma City?

We're a US-based veteran-owned firm with engineers who work on-site across OKC, Tinker, and the broader region as engagements require. We don't subcontract overseas, we don't offshore code on regulated work, and we don't pretend a sales office is an engineering presence. For federal and CUI engagements all work is performed by US persons inside the United States, full stop.

[004 / 005] Adjacent Files

Continue recon.

REL-01

Modernization services

How we approach legacy migration, API seams, and cloud landing zones.

 REL-02

Past engagements

Examples of strangler-pattern migrations and federal modernization arcs.

 REL-03

Engagement packages

Discovery sprints, embedded engineering pods, and full modernization arcs.

 REL-04

Talk to an engineer

Skip the sales call. Get a working session with someone who ships code.
[ NEXT ACTION ]

Bring us your PowerBuilder, your Oracle Forms, your COBOL — we'll give you a real plan.

Talk to a VooStack operator. We respond within one business day.

Open a Channel Full Services