Internal Virtual Network Access
Overview
Publish Dr Migrate internally via VNet peering to provide access over your private network.
This uses Virtual Network Peering so Dr Migrate is reachable as an internal resource.
Locate the Dr Migrate Application
Search for Managed Applications within the Azure Portal, once you have located the Dr Migrate Managed Application, select the ‘Managed resource group’ from the Overview screen.
Within the Managed Resource Group, select the Virtual Network resource.
Create a Virtual Network Peer
Peer the Dr Migrate Virtual Network to your chosen Virtual Network in your environment. This will allow you to access the Dr Migrate web application, using its internal IP.
For a detailed tutorial on how to peer virtual networks, see Tutorial: Connect virtual networks with VNet peering.
Required Remote Connections
The below table highlights the required set of URLs for Dr Migrate and Azure Migrate to function correctly with a Virtual Network Peering.
| URL | Requirement for Service |
|---|---|
| *.portal.azure.com | Navigate to the Azure portal. |
| *.windows.net *.msftauth.net *.msauth.net *.microsoft.com *.live.com *.office.com | Sign into Azure subscription. |
| *.microsoftonline.com *.microsoftonline-p.com | Create Azure Active Directory (AD) apps for the appliance to communicate with Azure Migrate. |
| management.azure.com | Create Azure AD apps for the appliance to communicate with the Azure Migrate. |
| prices.azure.com | Retrieve the latest cloud pricing data from Azure |
| *.services.visualstudio.com | Upload appliance logs used for internal monitoring. |
| *.vault.azure.net | Manage secrets in the Azure Key Vault. Note: Ensure servers to replicate have access to this. |
| aka.ms/* | Allow access to aka links; used to download and install the latest updates for appliance services. |
| download.microsoft.com/download | Allow downloads from Microsoft download center. |
| *.discoverysrv.windowsazure.com *.migration.windowsazure.com | Connect to Azure Migrate service URLs. |
| *.blob.core.windows.net | Used for storage account access and data copy |
| psg-prod-eastus.azureedge.net az818661.vo.msecnd.net devopsgallerystorage.blob.core.windows.net *.powershellgallery.com go.microsoft.com https://www.nuget.org/v2 | PowerShell Gallery access |
| api.powerbi.com *.azureedge.net *.osi.office.net *.msecnd.net store.office.com login.microsoftonline.com visualstudio.com *.analysis.windows.net *.pbidedicated.windows.net dc.services.visualstudio.com *.powerbi.com web.vortex.data.microsoft.com store-images.s-microsoft.com *.s-microsoft.com | Access to the Power BI service (in instances where customers would like to publish the reports to a Power BI project). For the latest list of required URLs, see the Power BI allow list. |
| catalogapi.azure.com catalogartifact.azureedge.net graph.microsoft.com marketplaceapi.microsoft.com portal.azure.com service.bmx.azure.com login.live.com management.core.windows.net azurewebsites.net | Azure Marketplace |
For a specific list of Azure Migrate-only URLs, see the Azure Migrate appliance URL allow list.
Validate results
- Peered VNets show Connected state
- Dr Migrate resolves to internal IP and is reachable from target network
Troubleshooting
- Peering not connected: verify address space overlap and permissions
- Cannot reach app: check NSGs, firewalls, and DNS resolution across VNets
Next steps
- If using Private Endpoint for Azure Migrate, review Configure Private Endpoint