
Healthcare Migration on to Azure

Project Hosts often recommends a “lift and shift” methodology for migrating existing hosted applications to the cloud.  At a high level, this approach involves taking full backups of all of the servers in the on-premises environment and restoring them as virtual servers in the cloud.  The net result is a cloud environment that is an exact copy of the current environment.

The advantage of this approach is a seamless experience for users, whether they are connecting directly from inside a Customer network or from the Internet.  Users can continue to use the same URLs, accounts, and passwords that they have always used, and there are no new login prompts for any activity.

The sample migration plan below assumes that Active Directory is used in Customer’s existing on-premises environment to authenticate users and manage servers.

High Level Migration Plan

Test Seamless Authentication


  • Provision subnets, web application firewall and access controls in customer’s Azure subscription

  • Establish a VPN or Azure ExpressRoute connecting Customer’s on-premises domain controllers with Customer’s Azure subscription

  • Provision Azure VMs as domain controllers and replicate them with Customer’s domain controllers

  • Deploy in Azure a sample web application and a Remote Desktop server, as well as security servers for monitoring, scanning, security administration, gateways and proxies

  • Ensure that Customer users are able to authenticate to the sample web application, using their same username and password

  • Test access over ExpressRoute for users on Customer’s on-premises network

  • If allowed, test access from the internet for users not on Customer’s network


Test a Lift-and-Shift

  • Create subnets in Azure that mirror customer’s on-premises network subnets, and keep them isolated from the internet, the Azure domain controllers, and Customer’s on-premises network

  • Do a Lift and Shift Migration

      • Assist customer in creating a VHD image of each on-premises server to be migrated, including domain controllers

      • Upload images to Azure or use Azure Import Service

      • Use images to provision servers in the isolated Azure subnet

      • Since the Azure servers are isolated, customer’s on-premises AD servers will not get confused about having 2 exact copies (with the same names, IPs etc.) of each server

  • Take full backups of on-premises databases, upload them to Azure and restore them

  • From the Remote Desktop server created in step one, customer users access the isolated Azure deployment and verify functionality


Final Migration (Preparation)

  • Freeze any system level changes to customer’s on-premises servers

  • Repeat lift and shift migration steps performed in testing and verify functionality

  • Remove access to customer’s on-premises environments

  • Take full backups of on-premises databases, upload to Azure and restore them

  • Verify all application functionality and data access (Still using Remote Desktop Access)

Final Migration (Cut-Over)

  • Shut down on-premises servers, except domain controllers

  • Connect the migrated servers (except the static copies of domain controllers) to customer’s network and the domain controllers established in Microsoft Azure in Step 1. If allowed, also enable access to the internet

  • Change DNS records for customer’s site to point to the Cloud

  • Verify full functionality, authentication and access to the Cloud

Ongoing Azure Managed Services

  • Azure Performance Management

  • Azure Security Management

  • Azure Access & Application Management

Optional Compliance Services

  • Documentation of HIPAA & HITRUST Security Controls

  • HIPAA & HITRUST Assessment Management
