SaaS Architecture
Dr Migrate’s SaaS solution provides a secure, hosted instance for customers, simplifying setup on their side. However, the Azure Migrate appliance is still used to collect data from the customer’s target environment.
Dr Migrate SaaS Security Standards
The Dr Migrate SaaS solution runs on the Altra Azure Tenant.
This solution is compliant with ISO27001. For more information on the standard, please see here.
Additionally, Dr Migrate adheres to the General Data Protection Regulation (GDPR). This regulation is designed to protect the privacy and personal data of individuals.
Architecture Summary
The customer’s Dr Migrate SaaS instance uses a limited access SPN to synchronize with the Azure Migrate Project. Once synchronized, near-real-time insights are accessible through the Dr Migrate web interface.
Key Points:
- The Azure Migrate appliance requires read-only access to target hypervisors, VMs, and servers.
- Data is encrypted at rest and in transit.
- Data is sent from the Azure Migrate appliance to the Azure Migrate Project over port 443.
- Dr Migrate ingests data from the Azure Migrate Project via REST API using a limited access SPN.
- Access to the SaaS instance is controlled via AD.
Key Architecture Components
Component | Purpose |
---|---|
Customer’s Azure Subscription | Hosting of required infrastructure |
Customer on-premises environment | Infrastructure to be scanned |
Azure Migrate Appliance | Data collection on-premises |
Azure Migrate Project | Data hosting within the customer’s Azure subscription |
SaaS Hosted Dr Migrate | Secure customer instance of Dr Migrate |
Active Directory B2B | Secure authentication |
Data Flow
Data is synchronized from the customer’s Azure Migrate Appliance to the Azure Migrate Project, and from there to the Dr Migrate SaaS instance.
From | To | To |
---|---|---|
Azure Migrate Appliance (on-premises) | Azure Migrate Project (Customer’s Azure subscription) | Dr Migrate (SaaS Hosted) |
On-premises servers are scanned and non-PII data is collected by the Azure Migrate Appliance and sent to the target Azure Migrate Project. | The Azure Migrate Project securely stores the collected data as it is sent by the Azure Migrate Appliance | Dr Migrate uses a limited access SPN to synchronize data with the Azure Migrate Project. The synchronized data is securely stored within the customer’s subscription |
The data that passes between Azure Migrate and Dr Migrate is encrypted using SSL (HTTPS encryption) on port 443.
The Dr Migrate virtual machine sits in a dedicated resource group on an isolated network within the Dr Migrate tenant.
Data on the virtual machine is encrypted using Azure data disk encryption.
SaaS Architecture FAQ
Do the SaaS and Azure Marketplace versions of Dr Migrate have the same features? Yes.
Does Dr Migrate require access to on-premises servers? Dr Migrate does not require access to any on-premises devices. Azure Migrate is used as the data collection source, securely dealing with data both in transit and at rest.
Does the Azure Migrate appliance analysis affect on-premises performance? The Azure Migrate appliance profiles on-premises servers continuously to measure performance data. This means that Azure Migrate will only collect telemetry when there is a low load on the target host. This profiling has almost no performance impact on profiled servers.
How much data is uploaded during continuous profiling? On average a server sends approximately 5 MB of data per day. This value is approximate; the actual value varies depending on the number of data points for the disks and NICs.
What network connectivity is required? The Azure Migrate appliance needs access to Azure URLs. Review the URL list.
What data points should Azure Migrate be set up to collect? It is essential that Azure Migrate is configured to collect Software Inventory, Application Dependency, SQL Inventory and network data. This will allow Dr Migrate to provide comprehensive insights.
How many Azure Migrate Appliances do I need? As a rule of thumb:
- one per discovery method needed (i.e. one for VMware, Hyper-V, Physical).
- one per 500 to 1000 machines within the discovery method.
See Microsoft’s Online Common Questions regarding Azure Migrate for more information.