ELRD Roadmap 2026 — Elmera VDC Platform

Innofactor · Elmera VDC Platform · March 2026

ELRD
Roadmap

Team Handover Package — Pre-Jira Import Review

165

ETAT Issues

7

Initiatives

20

Epics

91

Stories

Damian Flynn · Nothing has been written to Jira yet — all content is for review.

The Situation

The backlog has grown without strategic structure.

ETAT holds 735 issues total — 165 are active (non-Done). They span network security, monitoring, cost, migrations, and governance. No initiative grouping means no way to prioritise across workstreams.

Signal	Detail
4 ex-team members	Simen Hjelle, Kenneth Hansen, Malin Synnes, Haakon Baglo — all left Innofactor
Orphaned in-flight work	ETAT-15 (monitoring), ETAT-227 (MMA→AMA) — abandoned mid-task
Deadline breached	MMA deprecated Aug 2024 — 19 months past end-of-support, no replacement confirmed
No prioritisation framework	Backlog, Up Next, In Progress, Proposal — all mixed without Initiative context

19

Months past MMA EOL

72

Proposals awaiting triage

5

Escalates without owner

SIMEN

Critical work orphaned

How This Was Built

6-Phase Inventory → Roadmap Process

Phase 1

Inventory

Phase 2

Cluster

Phase 3

Map

Phase 4

PRD

Phase 5

Gap Analysis

Phase 6

Spec

Phase 1	165 ETAT active issues enumerated across 4 pages — complete inventory
Phase 2	Issues grouped by theme → 7 Initiatives, 20 Epics (human clustering, not automated)
Phase 3	Each issue assigned a Disposition: Story / Review / Escalate
Phase 4	Product Requirement Docs written for all 7 Initiatives — scope, success criteria
Phase 5	PRD vs backlog gap analysis → 1 new Epic (E2.4), 25 new Stories identified
Phase 6	Escalate items split into Discovery + Remediation tickets, ready to create in NOSD

Output: this staging branch — ready for team triage, then Jira import

Initiative Overview

7 Initiatives — 20 Epics — 171 Issues

Initiative	Theme	Epics	Issues	Horizon
INIT-1 Secure the Platform	Network, IAM, Defender, Secrets	E1.1–E1.4	44	Q1–Q3
INIT-2 Operate Reliably	Monitoring, Alerting, BCDR, SRE	E2.1–E2.4	57+	Q1–Q4
INIT-3 Modernise Infrastructure	IaC, Pipelines, Fed Creds	E3.1–E3.3	11	Q1–Q4
INIT-4 Optimise Cost	Rightsizing, Test Cost, Decommission	E4.1–E4.3	30	Q1–Q3
INIT-5 Migrate to Gen3	Gen2→Gen3, Moment v2	E5.1–E5.2	12	Q2–Q4
INIT-6 Govern the Estate	Classification, Standards, PKI	E6.1–E6.3	6	Q1–Q3
INIT-7 Enable Cloud Operations	Automation, Docs, Service Comms	E7.1–E7.2	11	Q1–Q3
Total	—	20	171	—

~91 Stories 72 Reviews — need triage 5 Escalates — need owner 1 New Epic (E2.4)

Strategic Dependencies

Which Initiatives unlock which

graph TD
    NOSD["NOSD-2303\nMMA Audit\nActive now"]

    I1["INIT-1\nSecure Platform"]
    I2["INIT-2\nOperate Reliably"]
    I3["INIT-3\nModernise IaC"]
    I4r["INIT-4 E4.1-2\nRightsize"]
    I4d["INIT-4 E4.3\nDecommission"]
    I5["INIT-5\nMigrate Gen3"]
    I6["INIT-6\nGovern Estate"]
    I7["INIT-7\nCloud Ops"]

    subgraph NOW["Start Now — no blockers"]
        I1
        I3
        I4r
        I6
        I7
        NOSD
    end

    subgraph Q2["Q2 — unlocked by Q1"]
        I2
        I5
    end

    NOSD -->|findings scope| I2
    I6 -->|what to harden| I1
    I6 -->|safe to retire| I4d
    I3 -->|IaC stable| I5
    I5 -->|Gen3 live| I4d
    I1 -->|sec baseline| I5

    classDef now fill:#0052cc22,stroke:#4c9ee4,stroke-width:1.5px
    classDef q2 fill:#00400022,stroke:#4ade80,stroke-width:1.5px
    classDef audit fill:#cc000022,stroke:#ff5c5c,stroke-width:2px

    class I1,I3,I4r,I6,I7 now
    class I2,I5 q2
    class NOSD audit

Key Planning Rules

E6.1 Classification gates E1.3 + E4.3

Russell's classification work unlocks two other Initiatives — escalate if it slips

E3.2 pipeline tooling gates INIT-5

Don't start migration wave until bicep-action templates are stable

NOSD-2303 findings gate E2.1 scope

2-week MMA audit → if present, remediation NOSD raised immediately

E2.2 alerting — fully parallel

No upstream dependencies — assign independently, quick win

Roadmap Timeline 2026

March 2026 → Q1 2027

gantt
    title ELRD Initiative Roadmap 2026
    dateFormat  YYYY-MM-DD
    axisFormat  %b

    section Now Mar
    INIT-1 E1.4 TLS Secrets DEADLINE    :crit, active, 2026-03-10, 5w
    INIT-3 E3.3 Federated Creds         :crit, active, 2026-03-10, 3w
    INIT-6 E6.1 Classification Blocker  :crit, active, 2026-03-10, 10w
    MMA Audit NOSD-2303                 :crit, active, 2026-03-10, 2w
    INIT-7 E7.1 Ops Automation          :active, 2026-03-10, 12w
    INIT-4 E4.1 Rightsizing             :active, 2026-03-10, 16w

    section Q2 Apr-Jun
    INIT-1 E1.1 Network Perimeter       :2026-03-24, 12w
    INIT-1 E1.2 IAM Access              :2026-03-24, 12w
    INIT-2 E2.1 Monitoring Migration    :2026-03-24, 10w
    INIT-2 E2.2 Alerting Rationalisation:2026-03-24, 16w
    INIT-2 E2.3 BCDR SRE               :2026-04-07, 20w
    INIT-2 E2.4 SRE Golden Signals NEW  :2026-04-21, 16w
    INIT-5 E5.2 Moment v2              :2026-04-07, 6w
    INIT-4 E4.2 Test Cost Governance   :2026-04-07, 8w

    section Q3 Jul-Sep
    INIT-1 E1.3 Security Posture       :2026-07-01, 14w
    INIT-5 E5.1 Gen3 Migrations        :2026-07-01, 24w
    INIT-4 E4.3 Decommission Wave      :2026-08-01, 16w
    INIT-6 E6.3 PKI Modernisation      :2026-07-01, 12w

■ crit = deadline / critical path ■ active = in progress now ■ plain = planned (not started)

INIT-1

Secure the Platform

Network perimeter, IAM, security posture & secret management

Epic	Theme	Stories	Reviews
E1.1 Network & Perimeter	Firewall, App GW, NSG, DNS, Private Endpoints	9	3
E1.2 IAM & Access	RBAC migration, AAD Connect, PIM, ADO access	5	4
E1.3 Security Posture	Defender for Cloud, Advisor, vuln assessment, TLS	4	13
E1.4 Secrets & Encryption	Secure sharing, public access removal, TLS 1.0/1.1	4	0

Active Deadlines

TLS 1.0 / 1.1 Deprecation

E1.4 — ETAT-707 is time-critical. Already overdue. Blocking ticket.

ETAT-501 — Firewall Policy Analytics

Priority: Blocker — must be first work item in E1.1. Determines what rules to keep/remove.

E6.1 Classification gates E1.3

Can't prioritise Defender hardening until Business Critical workloads are classified.

44 issues total · 22 Stories · 20 Reviews · 2 Escalate
Q1–Q3 horizon. E1.4 starts immediately; E1.3 waits for E6.1.

INIT-2

Operate Reliably

Monitoring, alerting, BCDR & SRE fundamentals

Epic	Stories	Reviews	Escalates
E2.1 Monitoring Migration	2	1	3
E2.2 Alerting Rationalisation	11	11	1
E2.3 BCDR & SRE Fundamentals	11	10	1
E2.4 SRE Golden Signals NEW	8	—	—

E2.4 is a new Epic — identified by PRD gap analysis. Without it, INIT-2 delivers Maturity 1 (telemetry visible, threshold alerts) but not Maturity 2 (SLO-driven alerting, error budgets, burn rate KQL).

NOSD-2303 is the Gate

Active MMA Policy Audit. 2-week window. Findings directly scope E2.1 remediation — if MMA is present on VMs, a remediation NOSD is raised immediately after close.

NOSD-2303 active

E2.4 Stories (new)

S1 — Define platform monitoring contract

S2 — SLO registry · interim SLOs for Business Critical workloads

S3 — Golden Signals Workbook template (App Insights + Azure Monitor)

S4–S5 — Burn rate KQL alerts + EPAC deployment

S6 — Error budget dashboard

S7–S8 — Full SLO registry + monthly review cadence (Q3)

INIT-3 / INIT-4 / INIT-5

Modernise · Optimise · Migrate

INIT-3 · Modernise IaC

IaC ARM → AVM/Bicep, ADO pipeline tooling, federated credentials

E3.1 ARM → AVM/Bicep (owner TBD — 11 issues)

E3.2 Pipeline & DevOps Tooling

E3.3 Federated Credentials near done

⚠ E3.2 stability gates INIT-5 Gen3 migrations

INIT-4 · Optimise Cost

Rightsizing, test cost governance, Gen2 decommission wave

E4.1 Rightsizing active

E4.2 Test Cost Governance

E4.3 Decommission Wave —blocked

⚠ E4.3 blocked until E6.1 + INIT-5 confirm Gen3 is live

INIT-5 · Migrate Gen3

Gen2 → Gen3 spoke migrations, Moment v2 completion

E5.1 Gen2 → Gen3 Migrations (Q3)

E5.2 Moment v2 Completion pipelines done

⚠ E5.1 spoke migration sequence needs owner to confirm

INIT-6 / INIT-7

Govern the Estate · Enable Cloud Operations

INIT-6 — HIGH PRIORITY

Govern the Estate

Classification, standards, PKI. Only 6 ETAT issues — but highest dependency leverage of any Initiative.

E6.1 Classification — classify all workloads: Business Critical / Standard / Dev. Gates E1.3 and E4.3 decommission.

E6.2 Standards & Docs — naming, tagging, incident comms, git standards

E6.3 PKI Modernisation — CBA, PKI uplift, ETAT-223 scoping (Q3)

Action: Russell Lack must confirm E6.1 priority and owner this week. Slippage delays both E1.3 and E4.3.

INIT-7 — PARALLEL

Enable Cloud Operations

Automation, docs, service communications. No upstream dependencies — can start immediately and run in parallel.

E7.1 Ops Automation
ETAT-35, 231 — Russell Lack owns, already active. Auto-escalation, Jira integration.

E7.2 Service Docs & Comms
Incident communication process, service documentation, SLA comms to Elmera team.

INIT-7 is the enablement layer — makes all other work visible and actionable to the wider Elmera team. No blockers.

Simen Hjelle Handover — Resolved

5 orphaned items — all absorbed or closed

P1

ETAT-227 — MMA → AMA migration IN JIRA

Active in Jira. Tom assigned; Øystein working on it now. Needs completion — no new owner required.

P2

ETAT-721 — Defender ARM secrets in EPAC → INIT-1 E1.3

EPAC deployed ~1 year ago — alert context likely stale. Rolled into ELRD-E1.3 Security Posture as a review story. Not an emergency; part of the Defender for Cloud baseline review.

P3

ETAT-15 — Monitoring migration ARCHIVED

Dead work. The SRE/monitoring approach this was based on has been superseded by the new Initiative framework. No residual value — close in ETAT.

P4

ETAT-552 — Service health alerts to Jira → INIT-2 E2.3

Rolled into ELRD-E2.3 BCDR & SRE Fundamentals. Part of the service health and operations work already planned in the Initiative.

P5

ETAT-603 — CPU alert false triggers → INIT-2 E2.2

Rolled into ELRD-E2.2 Alerting Rationalisation. The old CPU alert approach has limited value — the Initiative's alerting redesign will supersede it entirely.

No separate escalate track needed. P1 completes in Jira; P2/P4/P5 become stories in the relevant Initiative Epics; P3 closes.

Review Triage

72 Proposals awaiting a decision

Each "Review" item is a Jira Proposal — raised but never committed to. Each needs one decision before Jira import:

Decision	Meaning	When
Story	Carry into ELRD with acceptance criteria	Clear value, fits Epic, team has capacity
Defer	Keep in backlog, revisit Q3/Q4	Valid idea, but blocked or no capacity now
Archive	Mark Done in ETAT, do not import	Already resolved, duplicate, or superseded

How to triage

Open the relevant initiatives/init-N-*.md file
Find the issue in the table — check Disposition column
Open a PR to change Review → Story, Defer, or Archive + one-line rationale
Team approves PR → decision recorded in the file

By Epic (review density)

E2.2 Alerting

11 Reviews — largest single Epic

Suggested: batch EPAC policy proposals in one session

E2.3 BCDR

10 Reviews — HA/redundancy Advisor proposals

Batch triage: group ETAT-415–427 together

E1.3 Security Posture

13 Reviews — Defender/Advisor proposals

Do ETAT-369, 376, 391 first — they scope the others

E3.2 Pipeline Tooling

4 Reviews — automation proposals

All other Epics

34 Reviews spread across E1.1, E1.2, E4.x, E5.x

Team Workflow

How to work while Damian is away

📖

Read

Open init-N-*.md
understand scope

→

✏️

Open PR

Propose triage decision or correction to feat/elrd-roadmap

→

💬

Review

Team comments in GitHub PR discussion

→

✅

Merge

Decision recorded.
NOT to main.

Branch

feat/elrd-roadmap

Staging only — PRs target this branch, NOT main

GitHub Issues

5 Escalate + 8 Pre-import

Labels: escalate, pre-import

Project Board

To Do · In Review · Done

Issues + PRs in one view

Pre-Import Gates

8 gates before any Jira write

All 5 Escalate items have an assigned owner RUSSELL
ETAT-227 state verified — is AMA actually deployed? TBD
Russell confirms INIT-6 priority order and owner RUSSELL
E3.1 IaC migration owner assigned (Andreas also gone — Russell to confirm) RUSSELL
72 Review items triaged — Story / Archive / Defer TEAM
ELRD Jira project created with correct issue types PM
ETAT-567, 682, 669, 223 linked as source Epics PM
All ETAT Epic mappings confirmed with team TEAM

ETAT Source Epics to Link

ETAT-682

IaC ARM → AVM/Bicep Transition

Maps to ELRD-E3.1

ETAT-567

Cost Optimisation Epic

Maps to ELRD-E4.x

ETAT-669

Monitoring & Alerting Epic

Maps to ELRD-E2.x

ETAT-223

PKI Modernisation and CBA

Maps to ELRD-E6.3

Track all 8 gates via GitHub Issues (label: pre-import)

INIT-1 Deep Dive — E1.1

Network & Perimeter Hardening — Top Stories

ETAT	Story	Status	Disposition
ETAT-501	Firewall Policy Analytics Review	Blocker	Story
ETAT-3	Firewall Cleanup	Blocked	Story
ETAT-7	App Gateway Cleanup and Review	Blocked	Story
ETAT-679	Cleanup Temp Firewall/NSG Rules GE	Up Next	Story
ETAT-725	Organise firewall code	Up Next	Story
ETAT-696	App GW endpoints with public DNS problems	Up Next	Story
ETAT-13	Optimise and Consolidate DNS	Backlog	Story
ETAT-532	Clean openings to Service Tags	Backlog	Story
ETAT-87	Address subnet limitations in salgsl	Backlog	Story
ETAT-92	Firewall VPN Access for PostgreSQL	Proposal	Review

Ordering Rule

ETAT-501 must be first. Firewall Policy Analytics reveals which rules are actually used. Without it, cleanup (ETAT-3, 679, 725) may remove rules that are still active.

Review Items

ETAT-92 (VPN PostgreSQL), 591 (PE policy), 611 (Redis Private Link) — triage as Story, Defer, or Archive based on current VNet topology.

E1.1 Stats

9

Stories

4

Reviews

INIT-2 Deep Dive — E2.2

Alerting Rationalisation — 23 Issues

Stories (carry forward)

ETAT-146	Reassign memoryPercentage Alerts for App Service Plans
ETAT-147	EPAC Policy for ServerErrors on Web/Function Apps
ETAT-148	Investigate ServerErrors on p-hubapi-momprox
ETAT-149	Improve responseTime Alert Configuration
ETAT-156	Implement Monitoring for Azure Container Apps via EPAC
ETAT-595	Configure Alerts for Critical Autoscale Events
ETAT-603	False CPU alert triggers [ESCALATE]

Reviews — Batch Triage Recommended

EPAC Policy batch — ETAT-596, 597, 598, 599, 600: monitoring policies for App GW, SQL capacity, DTU, PostgreSQL, dashboards

Alert hygiene batch — ETAT-561, 563, 566, 579, 723: noise reduction, cleanup legacy alerts, orphan policy

Sequencing Rule

ETAT-563 (alert procedures doc) must be done before ETAT-151 (IFMS CPU instructions). Procedures first, then the how-to-respond docs.

Good News

E2.2 has zero upstream dependencies. Assign this workstream independently and run in parallel with all other Initiatives.

This Week — 2026-03-23

Actions while Damian is away

Russell

Assign owners to all 5 Escalate items — open GitHub Issues, label escalate

Mon 23 Mar

Russell

Confirm INIT-6 priority order and E6.1 owner — open PR to init-6-govern-estate.md

Tue 24 Mar

Russell

Assign E3.1 IaC migration owner — Andreas is also gone. Confirm who picks up ETAT-682 and spoke migration sequence.

Wed 25 Mar

Team

Begin Review triage — start with E2.2 Alerting (most self-contained, no blockers). PRs to ROADMAP.md or init-2-operate-reliably.md

Wed–Fri

Sufi

Check NOSD-2303 MMA audit progress — post findings in Jira ticket. If MMA found, raise remediation NOSD immediately.

Thu 26 Mar

All

Review slide deck, README, and ROADMAP.md — raise corrections as GitHub Issues or PRs

Fri 27 Mar

Damian returns week of 2026-03-30. All triage decisions recorded this week will be reviewed on return and Jira import will be scheduled.

Questions & Contributions

Over to you

Open a GitHub Issue on InnofactorOrg/innofactor-datacenter
or ping on Teams — tag Damian Flynn

Branch

feat/elrd-roadmap

Key Files

elrd/README.md
elrd/ROADMAP.md
elrd/escalate/INDEX.md

Innofactor Platform Engineering · March 2026 · Nothing written to Jira yet