In this session we’ll explore the process and challenges of performing a live migration of a very large IDM system, hosting more them 300M user identities, from a conventional VM-based deployment of Ping Directory 6 to a containerized Ping Directory 9 deployment running on EKS clusters. This system provides IDM services of OIDC and SAML based authentication, and SCIM user profile management to over 300 different client applications, serving over a million logins per day from two different, load-balanced regions. The migration process involved changing the LDAP data schema and re-partitioning the Directory system, to accommodate new requirements and to better prepare for planned identity growth. Due to its mission-critical nature, the migration had to be performed live, with no downtime allowed for. During the migration certification period, two systems with distinct database schemas and partitioning strategies were kept running side-by-side, and data consistency was maintained by leveraging a bi-directional Sync Server process to push changes from one system to the other. Deployment and strategies unique to the EKS deployment as well as performance benchmarking will be also discussed.