Summary: Migrating from 4-6 separate security vendors to a unified edge platform seems daunting—but with the right approach, it takes just 7 days. This step-by-step guide covers DNS migration, security rule porting, traffic validation, and vendor decommissioning without downtime.
You've decided to consolidate. You're tired of managing 4-6 security vendors, paying hidden costs, and dealing with fragmented incident response. You want one platform.
The fear: Migration will cause downtime. Migration will take months. Migration will break things.
The reality: With proper planning, you can migrate to a unified edge platform in 7 days—with zero downtime.
This guide walks you through every step, from preparation to vendor decommissioning. Follow it exactly, and you'll be running on a unified platform by end of week.
The 7-Day Migration Plan
Pre-Migration: Preparation (Before Day 1)
Inventory Your Current Stack:
Set Up Unified Platform Account:
Day 1: Configuration (Monday)
Morning: Domain Setup (2-3 hours)
-
Add All Domains
- Add primary domain (e.g., example.com)
- Add subdomains (api.example.com, cdn.example.com, etc.)
- Verify domain ownership (DNS TXT record)
-
Configure SSL/TLS
- Upload existing SSL certificates (if custom)
- Or enable auto-managed SSL (free, automatic)
- Configure TLS version (TLS 1.2+ minimum, TLS 1.3 preferred)
- Enable HSTS
-
Configure Origin Server
- Set origin IP/hostname
- Configure origin protocols (HTTP or HTTPS)
- Set health check parameters
- Configure failover origins (if applicable)
Afternoon: Security Rules (3-4 hours)
-
Port WAF Rules
- Import OWASP Top 10 rules (usually pre-configured)
- Create custom rules matching your existing WAF
- Configure rule actions (block, challenge, log)
- Set exception rules for known legitimate patterns
-
Configure DDoS Protection
- Enable L3/L4 DDoS protection (usually automatic)
- Configure L7 DDoS protection
- Set rate limiting rules
- Configure challenge pages
-
Set Up Bot Management
- Enable bot detection
- Configure allowed bots (Googlebot, Bingbot, etc.)
- Set up bot challenge rules
- Configure CAPTCHA-less challenges
Morning: Caching Configuration (3-4 hours)
-
Configure Caching Rules
- Set cache TTLs for static content (images, CSS, JS)
- Configure dynamic content caching (short TTLs)
- Set cache-control headers
- Configure cache purge mechanisms
-
Configure Performance Optimization
- Enable HTTP/2 and HTTP/3
- Enable Brotli/Gzip compression
- Configure image optimization (if available)
- Enable smart routing
Afternoon: Testing Environment (2-3 hours)
- Set Up Testing
- Configure staging domain (test.example.com)
- Point staging DNS to unified platform
- Test all functionality through staging
- Verify SSL, caching, security rules
Day 3: Parallel Running (Wednesday)
Full Day: Traffic Split (6-8 hours)
-
Enable Traffic Split
- Route 10% of production traffic to unified platform
- Keep 90% on existing vendors
- Monitor both paths simultaneously
-
Monitor and Compare
- Compare page load times (old vs new)
- Compare error rates
- Compare security blocking (false positives)
- Compare SSL validation
- Verify all features work correctly
-
Fix Issues
- Address any configuration issues found
- Tune WAF rules to reduce false positives
- Adjust caching rules based on real traffic
- Fix any broken functionality
Day 4: Gradual Migration (Thursday)
Morning: Increase Traffic (4 hours)
- Route 50% of Traffic
- Increase unified platform traffic to 50%
- Monitor for 2-3 hours
- Verify all metrics are acceptable
Afternoon: Further Increase (4 hours)
- Route 90% of Traffic
- Increase unified platform traffic to 90%
- Keep 10% on old vendors (safety net)
- Monitor for 2-3 hours
- Verify all metrics are acceptable
Day 5: Full Migration (Friday)
Morning: Complete Migration (3-4 hours)
-
Route 100% of Traffic
- Switch all DNS records to unified platform
- Configure DNS TTL to 300 seconds (5 minutes)
- Verify all traffic flowing through unified platform
- Monitor for any issues
-
Verify Complete Migration
- Check all domains resolving to unified platform
- Verify SSL certificates valid
- Test all functionality (login, checkout, API, etc.)
- Confirm security rules working (WAF, DDoS, Bot)
Afternoon: Post-Migration Verification (3-4 hours)
- Comprehensive Testing
- Test from multiple regions (US, EU, Asia, etc.)
- Test during peak hours
- Test security (simulate attacks)
- Test performance (page load times)
Day 6: Optimization (Saturday — Optional)
Half Day: Fine-Tuning (4 hours)
-
Optimize Configuration
- Review analytics from Day 5
- Tune caching rules based on hit rates
- Adjust WAF rules based on false positive data
- Optimize rate limiting based on traffic patterns
-
Document Configuration
- Document all settings
- Create runbook for common tasks
- Document emergency procedures
- Update team documentation
Day 7: Vendor Decommissioning (Sunday — or following week)
Half Day: Cleanup (4 hours)
-
Decommission Old Vendors
- Cancel old CDN subscription
- Cancel old WAF subscription
- Cancel old DDoS subscription
- Cancel old Bot Management subscription
- Cancel old Monitoring subscription
- Export final data/logs from old vendors
-
Final Verification
- Verify all traffic through unified platform
- Verify no traffic still going to old vendors
- Confirm billing for old vendors will stop
- Archive old vendor configurations (for reference)
Zero-Downtime Migration Techniques
DNS-Based Traffic Splitting
How It Works:
- Use weighted DNS records to split traffic
- Gradually shift weight from old to new platform
- If issues detected, shift weight back immediately
Example:
- Day 3: Old=90%, New=10%
- Day 4 AM: Old=50%, New=50%
- Day 4 PM: Old=10%, New=90%
- Day 5: Old=0%, New=100%
Rollback: If any issues, shift weight back to old in < 5 minutes.
Canary Deployment
How It Works:
- Route specific user segments to new platform first
- Internal users → Beta users → 10% → 50% → 100%
- Monitor each segment before expanding
Example:
- Day 3: Internal users only
- Day 3 PM: Beta users (1% of traffic)
- Day 4: 10% of all users
- Day 4 PM: 50% of all users
- Day 5: 100% of all users
Real-World Migration Results
SaaS platform migrating from 5 vendors:
| Metric |
Day 1 |
Day 3 |
Day 5 |
Day 7 |
| Traffic on new platform |
0% |
10% |
100% |
100% |
| Page load time |
2.8s |
2.8s |
0.9s |
0.9s |
| Security incidents |
0 |
0 |
0 |
0 |
| Downtime |
0 |
0 |
0 |
0 |
| False positives |
- |
3 (fixed) |
0 |
0 |
Results:
- Zero downtime during migration
- Page load time: -68%
- Monthly cost: -$72K
- Migration duration: 5 working days
Case Study 2: Ecommerce Store
Ecommerce store migrating from 4 vendors:
| Metric |
Day 1 |
Day 3 |
Day 5 |
Day 7 |
| Traffic on new platform |
0% |
10% |
100% |
100% |
| Page load time |
3.5s |
3.5s |
1.1s |
1.0s |
| Security incidents |
0 |
0 |
0 |
0 |
| Downtime |
0 |
0 |
0 |
0 |
| Conversion rate |
2.1% |
2.1% |
2.8% |
2.9% |
Results:
- Zero downtime during migration
- Conversion rate: +38%
- Monthly cost: -$45K
- Migration duration: 5 working days
Common Migration Mistakes to Avoid
Mistake 1: Big Bang Migration (All Traffic at Once)
Never switch 100% of traffic on Day 1. Use gradual migration to catch issues early.
Mistake 2: Not Porting Custom WAF Rules
Generic OWASP rules aren't enough. Port your custom WAF rules to avoid false positives or missed attacks.
Mistake 3: Not Testing SSL Certificates
SSL certificate issues cause immediate downtime. Verify certificates before switching traffic.
Mistake 4: Forgetting About DNS TTL
Lower DNS TTL to 300 seconds before migration. High TTL (3600+ seconds) means slow rollback if issues occur.
Mistake 5: Not Having Rollback Plan
Always maintain the ability to roll back to old vendors. Keep old configurations active for 7 days after migration.
Mistake 6: Canceling Old Vendors Too Early
Keep old vendor subscriptions active for 7-14 days after full migration. This provides a safety net.
Mistake 7: Not Monitoring During Migration
Monitor every metric during migration: page loads, error rates, security events, SSL validity.
Migration Checklist Summary
Pre-Migration:
Day 1-2: Configuration
Day 3-4: Gradual Migration
Day 5: Full Migration
Day 6-7: Optimization & Cleanup
Take Action Today
Migration doesn't have to take months. With the right plan, you can migrate to a unified edge platform in 7 days—with zero downtime.
Get Started in 3 Steps:
- Inventory Your Stack — Document all vendors and configurations
- Set Up Unified Platform — Create account, add domains, port rules
- Follow the 7-Day Plan — Gradual migration with zero downtime
Pricing Plans
| Plan |
Best For |
Specifications |
Original Price |
Promo Price |
| Free |
Personal Developers, MVP Teams |
Basic protection & static acceleration |
—— |
$0/month |
| Personal |
Early-Stage Businesses |
50GB + 3M requests | CDN + Security |
$4.2/month |
$0.9/month |
| Basic |
Growing Businesses |
500GB + 20M requests | OWASP TOP 10 |
$57/month |
$32/month |
| Standard |
Enterprise Businesses |
3TB + 50M requests | WAF + Bot Management |
$590/month |
$299/month |
Start Your 7-Day Migration Today
Get Started with Tencent Cloud EdgeOne
View Current Promotions & Discounts
Migration doesn't have to be scary. Follow this 7-day plan and migrate from multiple vendors to one unified platform—with zero downtime. Try it free today.