Azure Network Migration with ExpressRoute


Intergraph Corporation was an American software development and services company, which now forms part of Hexagon AB. It provides enterprise engineering and geospatially powered software to businesses, governments, and organizations around the world.

Huntsville, AL
Designed Azure Network Infrastructure
Design and deployment of an Azure Network Infrastructure that would scale to support the unique needs of Intergraph while minimizing Network Administration and Management.
Azure Resource Manager (ARM) templates & Cloud Adoption Framework (CAF)
Implementation using Azure Resource Manager (ARM) templates creating a configurable infrastructure that could be managed and maintained. The Azure migration was done using Cloud Adoption Framework.

Alabama-based Intergraph (now part of Stockholm-based Hexagon) is a global leader in providing information technology for industrial and geospatial applications to create autonomous connected systems. With over 20,000 employees across the globe, they are a major provider of asset life cycle solutions for the design, construction, and operation of hyperscale industrial facilities such as nuclear submarines and plants.

Intergraph engaged Atmosera to assist in envisioning and implementing an Azure Network Infrastructure that would scale to support the unique needs of Intergraph while minimizing Network Administration and Management.


The Intergraph environment faced a potential problem with a significant increase in subscriptions. Additionally, the use of Virtual Network Peering (vNet Peering) is non-transitive, meaning managing traffic becomes more complex as more networks are added. Network limitations, such as the maximum number of addresses in a Virtual Network, need to be considered for large-scale deployments.

The current network connection from Intergraph headquarters in Huntsville, AL to a transit vNet in the South-Central US Region was experiencing resource constraints. Intergraph needed to ensure connectivity to at least two additional Azure regions and the ability to fall back to VPNs in case of an ExpressRoute failure. The network setup needed to be repeatable, using infrastructure-as-code techniques and with specific staff permissions for modifying network infrastructure resources.

An additional challenge was the diversity of product groups and technologies used internally, as Intergraph relies on multiple Microsoft and non-Microsoft technologies, all of which required the same level of support from the cloud environment. Atmosera worked with Intergraph’s teams to help them understand how to create and support these environments in Azure, how to network them to existing on-premises environments, and how to optimize these environments to maximize performance and minimize costs.

Azure Migration Process Broken Down

Atmosera designed and implemented a hybrid network architecture, leveraging ExpressRoute to connect their on-premises networks to an Azure-based network architecture that maximized performance, provided isolation where required, and enabled flexibility for future growth and adaptability. The site-to-site VPN was redeployed, connecting to Azure through a VPN Gateway to support emergency failover in the event of a catastrophic ExpressRoute provider failure. To ensure optimal performance and minimize maintenance costs, network virtual appliances (NVAs) were utilized for routing and firewall support. This allowed Intergraph’s networking team to continue to utilize existing technologies and skillsets, including sharing configuration data between on-premises FortiGate systems and Azure-hosted appliances.

hub-and-spoke model was used to ensure that subscriptions and resources could be appropriately isolated in Azure, allowing business units to consolidate resources, grant appropriate permissions, and scale their environments to support their development teams as they build and test their respective software products. This model also enables Intergraph to add additional business units and product groups in the future, ensuring that the company has a repeatable model that supports continued growth.

User-defined routes (UDRs) were deployed in each spoke to ensure that traffic was managed by the FortiGate NVA. Individual subnets were further secured with Network Security Groups (NSGs).

The solution was implemented using Azure Resource Manager (ARM) templates. This created a configurable infrastructure that could be managed and maintained in source control. As Intergraph enhanced additional global data centers with Azure connectivity, these templates could be automatically deployed to create the necessary configurations with minimal training. The Microsoft Cloud Adoption Framework (CAF) was used as the base methodology for the migration in terms of planning and strategy.

Atmosera worked with the Intergraph team to consolidate subscriptions, provide connectivity to Azure Locations in three locations around the United States, and provide isolation for individual products while at the same time scaling to Intergraph’s needs.