Docs
Overview
Hosting Methods
SaaS (Cloud Hosted)

SaaS (Cloud Hosted)

Dr Migrate’s SaaS solution provides a secure, hosted instance for customers, simplifying setup on their side.

Customers can connect their environment to Dr Migrate using either:

  • Azure Migrate Appliance
  • Dr Migrate Collector (DMC)

Both routes deliver data into the same SaaS-hosted Dr Migrate platform for analysis and reporting.

Dr Migrate Cloud Security Standards

The Dr Migrate SaaS solution runs on the Altra Azure Tenant.

  • Compliant with ISO27001 (link)
  • Adheres to General Data Protection Regulation (GDPR) for privacy and personal data protection
  • Data encrypted at rest and in transit
  • Access controlled via Azure AD B2B
ℹ️
For comprehensive security information including SOC2 compliance, penetration testing results, security controls, and detailed architecture documentation, visit our Trust Center.

Architecture Options

Using Dr Migrate Collector (DMC) as the Discovery Tool

The Dr Migrate Collector (DMC) provides an alternative to Azure Migrate for discovery.
It is a lightweight, tool that collects data directly from VMware, Windows, or Linux environments.

Key Points:

  • DMC requires read-only access (vCenter, Guest).
  • Data is encrypted at rest and in transit.
  • DMC does not send any data by default. Output is locally available for review before any upload occurs. Into the SaaS portal.
  • No Azure subscription is required.
  • Access to SaaS remains controlled via AD B2B.

Key Architecture Components

Component Purpose
Customer On-premises environment Infrastructure to be scanned
Dr Migrate Collector (DMC) Lightweight data collection
SaaS Hosted Dr Migrate Secure customer instance of Dr Migrate
Active Directory B2B Secure authentication

Data Flow

Data flows directly from the customer’s environment into Dr Migrate SaaS:

From To Description
Customer On-premises environment Dr Migrate Collector (DMC) DMC scans VMware, Windows, Linux environments with read-only access.
Dr Migrate Collector (DMC) Dr Migrate SaaS Results are packaged, encrypted, and uploaded securely to the SaaS endpoint by Customer/Engineer with access to the SaaS Portal.

FAQ (DMC)

Does DMC require Azure Migrate?
No. DMC is standalone, but can be used alongside Azure Migrate.

What permissions are required?

  • VMware: read-only vCenter access
  • Windows/Linux: local read-only + performance counters
  • SQL: limited login for schema/config insights

Does DMC affect performance?
Negligible. Scans are snapshot, not continuous profiling.

How much data is uploaded?
Typical uploads are small (a few MB per server per scan).

What types of insights are available?

  • Application-to-server mapping
  • Network dependencies
  • OS/SQL end-of-support status
  • Security and modernization callouts
SaaS with Azure Migrate

Figure: SaaS architecture using Azure Migrate as the discovery tool

Using Azure Migrate as the Discovery Tool

The customer’s Dr Migrate Cloud instance uses a limited access SPN to synchronize with the Azure Migrate Project. Once synchronized, near-real-time insights are accessible through the Dr Migrate web interface.

Key Points:

  • The Azure Migrate appliance requires read-only access to target hypervisors, VMs, and servers.
  • Data is encrypted at rest and in transit.
  • Data is sent from the Azure Migrate appliance to the Azure Migrate Project over port 443.
  • Dr Migrate ingests data from the Azure Migrate Project via REST API using a limited access SPN.
  • Access to the SaaS instance is controlled via AD.

![SaaS with Azure Migrate][1]

Key Architecture Components

Component Purpose
Customer’s Azure Subscription Hosting of required infrastructure
Customer On-premises environment Infrastructure to be scanned
Azure Migrate Appliance Data collection on-premises
Azure Migrate Project Data hosting within customer’s Azure
SaaS Hosted Dr Migrate Secure customer instance of Dr Migrate
Active Directory B2B Secure authentication

Data Flow

Data is synchronized between the customer’s
Azure Migrate Appliance → Azure Migrate Project → Dr Migrate Cloud instance.

From To Description
Azure Migrate Appliance Azure Migrate Project (Customer Azure) On-premises servers are scanned and non-PII data is collected and uploaded.
Azure Migrate Project Dr Migrate SaaS Dr Migrate uses a limited access SPN to securely synchronize the data.

Data between Azure Migrate and Dr Migrate is encrypted using HTTPS (port 443).
The Dr Migrate VM runs in an isolated network and data disks are encrypted.

ℹ️
See Microsoft’s [Online Common Questions][L22] for Azure Migrate appliance sizing, connectivity, and setup guidance.

FAQ (Azure Migrate)

Does the SaaS and Azure Marketplace versions of Dr Migrate have the same features?
Yes.

Does Dr Migrate require access to on-premises servers?
No. Dr Migrate uses Azure Migrate as the secure data collection source.

Does the Azure Migrate appliance affect performance?
Minimal. Profiling is scheduled during low-load periods and has negligible impact.

How much data is uploaded during continuous profiling?
~5 MB per server, per day (varies with disk/NIC count).

What network connectivity is required?
The Azure Migrate appliance must reach Azure URLs — see Microsoft’s documented list.

What data points should Azure Migrate collect?
Software Inventory, Application Dependency, SQL Inventory, and network data.

How many Azure Migrate Appliances are required?

  • One per discovery method (VMware, Hyper-V, Physical).
  • One per ~500–1000 machines in that method.