Migrating your cloud-based databases to Microsoft Azure can be a transformative journey, offering enhanced performance, scalability, and security. I’ve had the opportunity to dive deep into this process, and I’m excited to share the key points that can make your migration smooth and successful.

If you’re using the Azure Migration Hub as your starting point, you’re already ahead. But when migrating to cloud-based databases, a few key details can make or break your deployment.

Some key considerations for migrating are infrastructure and configuration, web application firewall configuration, DNS, hostnames, and session management.

Databases you can migrate to Azure

PostgreSQL

Advanced Security Features: Integration with Azure Key Vault ensures secure storage and management of encryption keys and secrets. Advanced Threat Protection provides real-time monitoring and alerts for potential vulnerabilities and attacks. A fully managed PostgreSQL with enterprise-grade features:

• Secure by Default: TLS, TDE, Private Link, and Azure AD integration.


• HA & DR Ready: Zone-redundant HA, PITR backups (35 days), and cross-region replicas.


• Scalable: Choose performance tiers; scale compute/storage independently.


• Simplified Ops: Monitor via Azure Monitor, automate with Bicep/Terraform.


• Compliance: ISO, SOC, HIPAA, FedRAMP, GDPR—all covered.

AI capabilities: Azure Database for PostgreSQL can seamlessly integrate AI capabilities into their database infrastructure. Azure’s robust support for machine learning and AI tools allows PostgreSQL users to perform complex data analysis and predictive modeling directly within their database environment.

Enhanced Performance and Scalability: Azure Database for PostgreSQL offers built-in high availability and scaling options, allowing you to adjust resources based on demand.

Enterprise Ready: Azure Database for PostgreSQL is fully enterprise-ready, offering a comprehensive set of features designed to meet the demands of large-scale business applications.

High Availability and Disaster Recovery: Azure Database for PostgreSQL offers robust high availability options with built-in redundancy and automated failovers.

Simplified Management: Automated backups and point-in-time restore capabilities ensure data integrity. Azure Monitor and Log Analytics offer comprehensive insights into database performance and usage patterns.

For more information, visit Azure Database for PostgreSQL Blog.

MySQL

Flexible Scaling: Vertical scaling lets you adjust computing and storage resources independently, improving cost and performance. Read replicas improve read performance by distributing read operations across multiple replicas.

High Availability and Disaster Recovery: Azure Database for MySQL offers built-in high availability with automatic failovers for zonal failures and geo-replication for regional disaster scenario

Security and Compliance: Azure Database for MySQL (Flexible Server) offers a secure, scalable, and fully managed MySQL experience built for production workloads. Here’s how it stands out:

• Encryption by Default: Data is encrypted at rest (AES-256) and in transit (SSL/TLS 1.2+).


• Private Connectivity: Deploy into a VNet or use Private Link to isolate your server—completely disabling public access.


• Identity Management: Supports native MySQL auth and Azure AD authentication for centralized access control with optional managed identities.


• Auditing: Enable audit logs to track activity, store logs in Azure Monitor, and integrate with security tools.


• Compliance: ISO, SOC, PCI DSS, and GDPR aligned—ideal for regulated industries.

Simplified Management

• Azure-native Monitoring: Deep integration with Azure Monitor, Advisor, and Log Analytics.


• Tuning Insights: Performance recommendations and slow query analysis built in.


• DevOps Ready: Automate deployments via CLI, Bicep, or Terraform; full support for CI/CD pipelines.

For more information, visit Azure Database for MySQL.

SQL Server

Enterprise-Grade Features: Azure SQL Database offers features like automatic tuning, intelligent query processing, and advanced data security. Managed Instances provide near 100% compatibility with on-premises SQL Server, simplifying migration.

High Availability and Scalability: Built-in high availability with automatic failover and geo-replication ensures data resilience. Elastic pools allow you to manage multiple databases with varying resource demands efficiently.

Integration and Analytics: Azure Synapse Analytics integrates seamlessly with SQL Server, enabling advanced analytics and data warehousing. Power BI provides powerful visualization and reporting tools for data insights.

For more information, visit Azure SQL Blog.

Key Considerations for Migration

Migrating databases involves more than just moving data.

Infrastructure and Configuration

Here are some critical details to watch for:

Load Balancing: AWS Application Load Balancer (ALB) maps loosely to Azure Application Gateway, but you’ll need to use it alongside an ingress controller like NGINX or AGIC. Expect to configure both.

Secrets Management: Switch from AWS Secrets Manager to Azure Key Vault and reconfigure those connection strings.

TLS Routing: End-to-end encryption isn’t automatic—you’ll configure TLS termination at the gateway. Watch your ports and certificates

Web Application Firewall (WAF) Configuration

Azure WAF runs Open Worldwide Application Security Project (OWASP) rules by default, but you can add custom rules for things like protection from bad bots (those that do scrapping, scanning or look for vulnerabilities) or query string filtering. Testing is crucial—use curl-based attack simulations (SQL injection, XSS, etc.) to verify rules that are active and working.

Logs and Telemetry: WAF integrates with Azure Monitor and Log Analytics, providing access to Kusto queries to drill into matched rules, IPs, and trends.

DNS, Hostnames, and Session Management

Hostnames: Use the same hostname across your Application Gateway and ingress controller to avoid session, cookie, and authentication issues.

Certificates: You can pull certificates from Key Vault, so reusing the same hostname simplifies your certificate management.

DNS: Set up records pointing to your Application Gateway’s public IP address.

Real-World Insights

Migrating a real-world app backend—using PostgreSQL and Redis on AWS—to Azure SQL Database and Azure Cache for Redis taught us valuable lessons. Here’s what stood out:

Network Access: AWS Security Groups ≠ Azure Network Security Groups. Ensure your Azure resources are properly secured but still reachable.

Performance Tuning: Query store and index tuning in Azure Database for PostgreSQL are fundamental features that you want to use to diagnose performance problems and get recommendations that aim to improve the performance of your workload.

TLS & Certs: Azure uses encrypted connections by default. Double-check your client drivers and connection settings.

DNS Setup: Update A records and point your apps to *.database.windows.net. Old endpoints = broken apps.

Session State: Moving to Azure Cache for Redis? Revisit TTLs, memory policies, and reconnection logic.

Ready to Dive In?

Depending on which database you are considering migrating to Azure, you can start at the Azure Migration Hub.

This helps list the different types of Azure Databases you can migrate to, especially from AWS.