Camunda 7 to Camunda 8 Migration Awareness
Awareness migrasi Camunda 7 ke Camunda 8: architecture difference, BPMN compatibility, Java delegate replacement, external task replacement, workers, variables, history/tooling/API/human task/operations/deployment differences, running instance challenge, dan strategy.
Part 058 — Camunda 7 to Camunda 8 Migration Awareness
Fokus part ini: memahami mengapa migrasi Camunda 7 ke Camunda 8 bukan sekadar upgrade library atau mengganti endpoint. Camunda 8 bukan drop-in replacement untuk Camunda 7. Migrasi menyentuh architecture, execution model, code integration, BPMN compatibility, worker model, variables, history, human task, operations, security, deployment, dan running process instance strategy.
Jika Camunda 7 dipakai dalam enterprise Java system, banyak logic biasanya hidup dekat dengan aplikasi:
embedded/shared process engine
JavaDelegate
ExecutionListener
TaskListener
Spring/Jakarta bean resolution
JDBC transaction integration
Camunda database schema
Cockpit/Tasklist
External Task workers if used
Camunda 8/Zeebe mengubah pusat gravitasi:
remote distributed orchestration engine
Zeebe brokers and gateways
job workers
Operate/Tasklist/Identity/Optimize
exporters and secondary storage
Kubernetes/SaaS/self-managed deployment
remote API/client interaction
Ini bukan perubahan kosmetik. Ini perubahan ownership, failure mode, latency model, deployment model, security model, dan debugging model.
1. Migration Mental Model
1.1 Migration is a system redesign unless proven otherwise
Anggap migrasi sebagai redesign terkontrol sampai terbukti sederhana.
Camunda 7 solution
= BPMN model
+ engine configuration
+ Java code/delegates/listeners
+ external task workers
+ process variables
+ database/history
+ operational tooling
+ deployment pipeline
+ runbook
+ user task behavior
+ audit/compliance evidence
Migrasi harus menilai semuanya, bukan hanya .bpmn.
1.2 Do not confuse model migration with solution migration
Ada tiga level migrasi:
BPMN/DMN model migration
Application code migration
Running system migration
BPMN model mungkin bisa dikonversi lebih cepat. Tetapi solution migration tetap bisa berat karena:
JavaDelegate tidak jalan langsung di Zeebe
Camunda 7 internal APIs tidak tersedia
transaction boundary berubah
variable serialization berubah
history/tooling berbeda
human task implementation berbeda
external task behavior tidak identik dengan Zeebe job
operations model berubah
1.3 Preferred migration principle
Prinsip aman:
Prefer draining old process instances when possible.
Prefer parallel run for bounded period when business allows.
Prefer migrating only when strong reason exists.
Prefer forward recovery over rollback illusion.
Prefer explicit compatibility contracts over hopeful deployment.
Running instance migration harus menjadi pilihan yang sadar, bukan default.
2. Major Architecture Differences
2.1 Camunda 7 architecture
Camunda 7 biasanya dipahami sebagai Java process engine:
Application / Container
-> Process Engine
-> Job Executor
-> Camunda DB schema
-> Runtime/Repository/Task/History services
-> JavaDelegate / listener / external task
-> Cockpit / Tasklist
Jika embedded/shared, engine bisa hidup sangat dekat dengan application runtime.
Implication:
Java classpath matters
transaction integration matters
DB schema pressure matters
engine config in application matters
job executor competes with app resources
2.2 Camunda 8 architecture
Camunda 8/Zeebe memakai remote/distributed orchestration model:
Client / Worker / API
-> Gateway / Orchestration API
-> Zeebe brokers
-> partitions / log stream / state
-> exporters
-> secondary storage
-> Operate / Tasklist / Identity / Optimize
Implication:
network boundary matters
worker lifecycle matters
job timeout/retry matters
broker/gateway health matters
secondary storage freshness matters
Kubernetes/SaaS/self-managed operations matter
2.3 Migration consequence
Jika Camunda 7 embedded engine berada di aplikasi Java/JAX-RS, migrasi ke Camunda 8 memindahkan orchestration concern keluar dari process host.
Dampaknya:
synchronous in-transaction delegate -> remote job execution
local Java exception -> job failure/BPMN error command
local DB transaction boundary -> worker-managed transaction boundary
local engine API -> Camunda 8 client/API
Cockpit model -> Operate model
Camunda 7 DB history -> Camunda 8 exported/secondary storage model
3. BPMN Compatibility Review
3.1 Inventory BPMN models
Buat inventory:
process key / BPMN ID
current deployed versions
running instance count
average duration
max duration
active activities
events used
gateways used
subprocess/call activity usage
compensation/error/escalation usage
DMN/business rule task usage
user task usage
service task implementation
listeners/extensions/custom attributes
3.2 Element compatibility
Review setiap element:
start events
end events
service tasks
user tasks
business rule tasks
call activities
subprocesses
event subprocesses
boundary events
message events
timer events
error events
escalation events
compensation events
gateways
input/output mappings
expressions
extension properties
Jangan berasumsi semua BPMN extension Camunda 7 punya semantic identik di Camunda 8.
3.3 Expressions and implementation details
Camunda 7 BPMN sering mengandung:
${bean.method(execution)}
Java class delegate reference
expression delegate
listener class
field injection
script task
execution/task listener
custom extension properties
Di Camunda 8, service task biasanya menjadi job yang diambil worker berdasarkan job type. Ini berarti implementation detail perlu diangkat menjadi worker contract eksplisit.
4. JavaDelegate Migration
4.1 JavaDelegate is not a Zeebe worker
Camunda 7 JavaDelegate mental model:
public class ValidateOrderDelegate implements JavaDelegate {
public void execute(DelegateExecution execution) {
// read variables
// call service
// set variables
// throw exception or BpmnError
}
}
Zeebe worker mental model:
activate job by type
read job variables
perform work
complete/fail/throw BPMN error
set output variables
Perubahan penting:
execution object hilang
engine-local transaction boundary hilang
classpath-bound delegate hilang
bean expression tidak otomatis sama
job timeout/retry harus dipikirkan
worker deployment/versioning terpisah
network failure menjadi bagian model
4.2 Delegate migration checklist
[ ] Inventory semua JavaDelegate.
[ ] Klasifikasikan delegate: pure computation, DB write, API call, event publish, mixed side effect.
[ ] Identifikasi variable input/output.
[ ] Identifikasi exception behavior.
[ ] Identifikasi BpmnError behavior.
[ ] Identifikasi transaction dependency.
[ ] Identifikasi injected services/repositories.
[ ] Identifikasi hidden business rules.
[ ] Tentukan job type untuk worker baru.
[ ] Tentukan idempotency key.
[ ] Tentukan retry/timeout/backoff.
[ ] Tambahkan tests untuk happy path and failure path.
4.3 Refactoring target
Good migration target:
BPMN service task job type: validate-order
Worker method: validateOrder(job)
Input variables: orderId, tenantId, correlationId
DB reads/writes: explicit via service/repository
Output variables: validationResult, validationReason
Failure: technical fail with retries
Business error: throw BPMN error with code
Idempotency: processed_job/job_key/business_command table
Observability: metrics/log/trace by processInstanceKey/orderId/jobType
5. External Task Migration
5.1 External task and Zeebe job are conceptually close, not identical
Camunda 7 external task:
fetch and lock
external task topic
worker ID
lock duration
complete
handleFailure
handleBpmnError
extendLock
retries
Zeebe job worker:
activate jobs
job type
worker name
job timeout
complete job
fail job
throw BPMN error
retries
backoff
max jobs active
The mental model is similar: engine creates work, worker performs work. But implementation semantics, APIs, timeout model, tooling, and operational behavior differ.
5.2 External task migration checklist
[ ] Map external task topic to Zeebe job type.
[ ] Map lock duration to job timeout.
[ ] Map worker ID to worker name/identity.
[ ] Map handleFailure to fail job with retries/backoff.
[ ] Map handleBpmnError to throw BPMN error.
[ ] Map long polling config to job activation/polling/streaming behavior.
[ ] Review variable fetch list vs job variable payload.
[ ] Review duplicate execution behavior after timeout.
[ ] Review worker graceful shutdown.
[ ] Review scaling/concurrency/backpressure.
5.3 Common migration trap
Trap:
"External task worker already exists, so just change the client."
Reality:
worker concurrency semantics may change
variable payload shape may change
error reporting may change
retry/backoff behavior may change
observability dashboard may change
incident workflow may change
security credentials may change
6. Variable and Payload Migration
6.1 Variable model differences matter
Camunda 7 often has Java object serialization and database-backed variable persistence. Camunda 8 typically expects variables as JSON-like process data flowing through workers and engine APIs.
Migration concerns:
Java serialized object variables
large payload stored as variable
class version dependency
custom serializers
sensitive data in history
object mutation by delegates
parallel variable overwrite
input/output mapping behavior
variable scope differences
6.2 Variable migration checklist
[ ] Inventory all variable names/types.
[ ] Identify Java serialized object variables.
[ ] Identify large payload variables.
[ ] Identify sensitive variables.
[ ] Identify variables used by gateways/expressions.
[ ] Identify variables used by listeners/delegates/workers.
[ ] Define JSON schema or lightweight variable contract.
[ ] Move large domain payload to business DB if needed.
[ ] Define variable compatibility for old/new workers.
[ ] Define audit/retention policy for migrated variables.
6.3 Target variable discipline
Prefer:
orderId
quoteId
tenantId
correlationId
approvalDecision
validationStatus
falloutReasonCode
Avoid:
fullOrderPayload
entireCustomerProfile
rawExternalApiResponse
accessToken
hugeSerializedJavaObject
mutableNestedObjectSharedAcrossParallelBranches
7. Human Task Migration
7.1 User task model may change
Camunda 7 Tasklist/task service and Camunda 8 Tasklist/Camunda user task model are not identical operationally.
Review:
candidate users/groups
assignee
claim/unclaim
complete
task forms
embedded vs linked forms
due date/follow-up date
task listener behavior
authorization
tenant visibility
audit trail
custom task UI/API
7.2 Human task migration checklist
[ ] Inventory all user tasks.
[ ] Identify forms and form technology.
[ ] Identify assignment expressions.
[ ] Identify task listeners.
[ ] Identify custom task APIs.
[ ] Identify task search/filter requirements.
[ ] Identify authorization/tenant requirements.
[ ] Identify SLA/due-date behavior.
[ ] Test claim/complete/concurrent completion behavior.
[ ] Verify audit trail equivalence.
7.3 Task listener trap
Camunda 7 implementations may hide important side effects in TaskListener:
assigning task dynamically
writing audit records
sending notification
setting variables
creating comments
calling external systems
These must be made explicit in the new model. Do not migrate only the visible BPMN task and forget listener behavior.
8. DMN and Business Rule Migration
DMN migration must review:
decision table compatibility
hit policy
input expression
output names/types
FEEL/expression difference
business rule task binding
versioning
existing audit expectation
testing fixtures
Checklist:
[ ] Inventory DMN decisions.
[ ] Map process tasks to decisions.
[ ] Verify expression compatibility.
[ ] Verify hit policy behavior.
[ ] Verify no-match/default behavior.
[ ] Re-run decision test cases.
[ ] Validate with BA/Product for business equivalence.
9. API and Client Migration
Camunda 7 app may use services like:
RepositoryService
RuntimeService
TaskService
HistoryService
ManagementService
ExternalTaskService
IdentityService
Camunda 8 uses different APIs/clients and operational tools.
Migration checklist:
[ ] Inventory Camunda 7 API usage.
[ ] Identify RuntimeService start/correlate usage.
[ ] Identify TaskService query/complete usage.
[ ] Identify HistoryService reporting usage.
[ ] Identify ManagementService job/incident operations.
[ ] Identify custom admin/repair tools.
[ ] Map to Camunda 8 API/client/tooling.
[ ] Review eventual consistency of query/read endpoints where relevant.
[ ] Update JAX-RS façade contracts if exposed to other teams.
Do not expose raw engine migration complexity to external API consumers unless intentionally changing product contract.
10. History, Audit, and Reporting Migration
10.1 History is not just nice-to-have
For CPQ/order management, history can be needed for:
audit trail
customer dispute
SLA proof
approval trace
incident investigation
compliance evidence
business reporting
root cause analysis
Camunda 7 history tables and Camunda 8 exported/secondary storage model are operationally different.
10.2 Checklist
[ ] Identify current history queries/reports.
[ ] Identify compliance retention requirement.
[ ] Identify audit fields required by business.
[ ] Identify whether historical Camunda 7 data must be migrated.
[ ] Identify whether old Cockpit/history remains read-only during transition.
[ ] Identify reporting impact for Optimize/internal BI/dashboard.
[ ] Define evidence continuity plan.
10.3 Avoid false equivalence
Do not assume:
Camunda 7 ACT_HI_* query = same query in Camunda 8
Cockpit screen = Operate screen
old history retention = new retention
old audit report = new audit report
Reporting migration can be as hard as runtime migration if business relies on it.
11. Running Process Instance Strategy
11.1 Options
Common strategies:
Drain old instances in Camunda 7; start new instances in Camunda 8.
Run Camunda 7 and Camunda 8 in parallel for different process versions.
Migrate selected running instances.
Restart/cancel and recreate instances with business approval.
Keep Camunda 7 read-only for history while new work moves to Camunda 8.
Bridge Camunda 7 process to Camunda 8 process temporarily.
11.2 Decision criteria
process duration
number of active instances
business criticality
current activity distribution
manual tasks in progress
external side effects already performed
compensation feasibility
audit requirement
customer impact
migration tooling maturity
rollback/repair ability
11.3 Drain-first strategy
Drain-first is often safest when:
process duration is short or bounded
active instance count is manageable
new process can start only for new business cases
old process can be supported for a transition window
11.4 Migration strategy
Running instance migration may be needed when:
old version has production bug
long-running instances cannot wait to finish
operational complexity of dual-running is too high
regulatory/business requirement demands consistent model
But migration must include:
source/target definition
activity mapping
variable mapping
task mapping
job/timer/message mapping assessment
incident handling
dry run
backup/rollback/forward repair plan
operator approval
customer impact plan
12. Deployment and Operations Migration
12.1 Camunda 7 operations
engine health
job executor health
Camunda DB schema
history cleanup
failed jobs/incidents
Cockpit/Tasklist
application deployment
classloading
database backup/restore
12.2 Camunda 8 operations
Zeebe broker health
Gateway health
partition leadership
backpressure
exporter health
secondary storage health
Operate/Tasklist/Identity
worker connectivity
Kubernetes/Helm
backup/restore coordination
rolling upgrades
12.3 Migration checklist
[ ] Define new runbook.
[ ] Define new dashboards.
[ ] Define new alert thresholds.
[ ] Train support/SRE on Operate/Tasklist/Identity.
[ ] Define worker deployment strategy.
[ ] Define backup/restore strategy.
[ ] Define incident response flow.
[ ] Define dual-run support model.
13. Security and Identity Migration
Review:
Camunda 7 authorization model
Camunda 8 Identity/access control model
SSO/OIDC integration
service account/client credential
worker credential
connector secret
operator access
tenant isolation
variable visibility
Tasklist access
Operate access
admin/repair privilege
Checklist:
[ ] Map roles and groups.
[ ] Map tenant model.
[ ] Map task access.
[ ] Map admin/operator access.
[ ] Re-evaluate least privilege.
[ ] Migrate secrets safely.
[ ] Validate audit logs.
[ ] Redact sensitive data in new logs/dashboards.
Security migration is not “copy old admin users”. It is a chance to remove excessive privileges.
14. Testing Strategy for Migration
14.1 Golden path is insufficient
Migration test suite must cover:
happy path
all gateway branches
all BPMN errors
technical failure/retry/incident
message correlation
timer firing
user task claim/complete
authorization failure
compensation path
duplicate worker execution
external API unknown outcome
DB commit + worker complete failure
Kafka/RabbitMQ duplicate event
process version compatibility
14.2 Parallel comparison
For critical processes, create comparison tests:
Camunda 7 expected behavior
Camunda 8 migrated behavior
same input
same business outcome
same audit-significant state
known acceptable differences documented
14.3 Migration rehearsal
[ ] Create migration inventory.
[ ] Run model conversion.
[ ] Run worker conversion.
[ ] Deploy to test environment.
[ ] Replay representative scenarios.
[ ] Simulate incidents.
[ ] Validate task UX.
[ ] Validate dashboards/alerts.
[ ] Validate rollback/forward recovery.
[ ] Validate support runbook.
15. Rollout Patterns
15.1 Big-bang migration
Usually high risk unless process set is small and non-critical.
Risks:
unknown BPMN incompatibility
worker rollout mismatch
history/reporting gap
operator unfamiliarity
hard rollback
running instance confusion
15.2 Process-by-process migration
Often safer:
select one bounded process
migrate model and workers
run parallel validation
start only new instances on Camunda 8
keep Camunda 7 for old instances/history
learn and iterate
15.3 Shadow/dual-run where possible
For decision-heavy or validation-heavy workflow, shadow execution can compare outcomes without driving side effects.
Guardrail:
shadow run must not call external side-effecting systems
shadow run must not publish real business events
shadow run must clearly separate test variables/audit
15.4 Feature flag / routing
route new tenant/customer/process type to Camunda 8
route existing long-running cases to Camunda 7
disable routing if incident rate rises
preserve idempotency across route change
16. Migration Risk Matrix
| Area | Low risk | High risk |
|---|---|---|
| BPMN | simple linear flow | complex events, compensation, call activities |
| Code | external task with clean contract | JavaDelegate with hidden DB/API side effects |
| Variables | primitive JSON-like variables | Java serialized objects / large payloads |
| Duration | short process | months-long order lifecycle |
| Human task | simple assignment | custom task UI/listeners/auth logic |
| Integration | one API call | Kafka/RabbitMQ/DB/API mixed side effects |
| Operations | mature dashboards | no incident/runbook/metrics |
| History | not business-critical | audit/compliance/reporting critical |
| Migration | drain old instances | live running instance migration required |
Use this matrix to decide whether migration is a small project, platform initiative, or business-risk program.
17. Common Migration Anti-Patterns
[ ] Treating Camunda 8 as Camunda 7 with new branding.
[ ] Migrating BPMN files without migrating delegate/listener semantics.
[ ] Turning every JavaDelegate into a worker without redesigning idempotency.
[ ] Keeping huge Java object variables.
[ ] Ignoring running instances.
[ ] Ignoring history/audit/reporting.
[ ] Ignoring human task UX and authorization differences.
[ ] Migrating all processes in one big bang.
[ ] Assuming retry behavior is equivalent.
[ ] Assuming Cockpit operations map one-to-one to Operate.
[ ] Ignoring worker deployment/version compatibility.
[ ] Not training support/SRE on new incident model.
[ ] Not writing migration runbooks.
18. Internal Verification Checklist
Gunakan checklist ini untuk CSG/team context. Jangan mengarang; verifikasi dari codebase, BPMN repository, deployment, dashboard, dan team discussion.
[ ] Apakah CSG Quote & Order memakai Camunda 7, Camunda 8, keduanya, atau tidak memakai Camunda?
[ ] Apakah ada active migration initiative?
[ ] Apakah ada Camunda 7 JavaDelegate di codebase?
[ ] Apakah ada External Task workers?
[ ] Apakah ada Zeebe job workers?
[ ] Apakah BPMN models punya Camunda 7-specific extension?
[ ] Apakah ada execution/task listeners?
[ ] Apakah ada process variables berupa Java serialized object?
[ ] Apakah ada large payload process variables?
[ ] Apakah ada custom Tasklist/task UI?
[ ] Apakah ada custom Cockpit/admin/repair tooling?
[ ] Apakah HistoryService/ACT_HI_* digunakan untuk reporting/audit?
[ ] Apakah process instances long-running selama hari/minggu/bulan?
[ ] Apakah order/quote state dipengaruhi running process instances?
[ ] Apakah ada migration/runbook/ADR yang sudah dibuat?
[ ] Siapa owner migration: backend, platform, SRE, product, solution architect, BA?
[ ] Bagaimana customer impact dinilai?
19. Migration Architecture Review Questions
Saat ikut diskusi migrasi, tanyakan:
Which processes are in scope and why?
What is the current active instance count per process/version?
Can old instances drain naturally?
What JavaDelegate/listener behavior is hidden behind BPMN?
What external side effects exist per service task?
What variables are business-critical?
What data/history must be retained?
What dashboards/reports depend on Camunda 7 history?
How will workers be deployed and versioned?
How will user tasks and forms change?
How will incidents be handled in the new platform?
What is the rollback or forward recovery plan?
What is the smallest safe migration slice?
20. Suggested Migration Plan Shape
A sane migration plan usually looks like this:
1. Inventory
BPMN, DMN, workers, delegates, variables, APIs, reports, incidents.
2. Categorize
Simple, medium, high-risk process groups.
3. Choose pilot
Low-risk but representative process.
4. Convert model
Remove Camunda 7-specific implementation details.
5. Convert code
JavaDelegate/external task -> job worker/connector where appropriate.
6. Redesign variable contract
Small JSON-compatible variables, DB for domain state.
7. Build tests
Scenario, worker, integration, failure, migration tests.
8. Build operations
Dashboards, alerts, runbook, support training.
9. Deploy parallel
Start new instances in Camunda 8, drain old in Camunda 7 if possible.
10. Expand gradually
Process-by-process migration with lessons learned.
21. Summary
Camunda 7 to Camunda 8 migration is not primarily a syntax migration. It is a shift from:
Java-local/database-backed process engine
to:
remote distributed orchestration platform with job workers and operational components
The technical migration must preserve business correctness:
same business outcomes
safe retry behavior
idempotent side effects
clear user task ownership
valid audit trail
secure access model
observable operations
controlled rollout
safe recovery path
A senior engineer should not ask only:
Can the BPMN be converted?
Ask:
Can the entire workflow solution be operated, debugged, audited, secured, and evolved safely after migration?
That is the real migration question.
References
- Camunda 8 Docs — Camunda 7 to Camunda 8 migration guide: https://docs.camunda.io/docs/guides/migrating-from-camunda-7/
- Camunda 8 Docs — Migration journey: https://docs.camunda.io/docs/guides/migrating-from-camunda-7/migration-journey/
- Camunda 8 Docs — Migration tooling: https://docs.camunda.io/docs/guides/migrating-from-camunda-7/migration-tooling/
- Camunda 8 Docs — Code conversion: https://docs.camunda.io/docs/guides/migrating-from-camunda-7/migration-tooling/code-conversion/
- Camunda 8 Docs — Process instance migration: https://docs.camunda.io/docs/components/concepts/process-instance-migration/
- Camunda 8 Docs — Versioning process definitions: https://docs.camunda.io/docs/components/best-practices/operations/versioning-process-definitions/
- Camunda 8 Docs — Job workers: https://docs.camunda.io/docs/components/concepts/job-workers/
- Camunda 8 Docs — User tasks: https://docs.camunda.io/docs/components/modeler/bpmn/user-tasks/
You just completed lesson 58 in final stretch. Use the series map if you want to review the broader track, or continue directly into the next lesson while the context is still warm.
Keep the momentum while the lesson is still fresh. Move backward for review or continue forward into the next concept.