My original answer was focused on migrating to a vApp environment; your scenario is server-based, so the answer will be slightly different.
If the need is to keep the old environment as is, the best path is to replicate it (DB, Directory and application) to a contained and firewalled VM network. This will help to maintain existing IPs and reduce the risk of the provisioning server accidentally accessing endpoints. You might need to update the host files on the servers to maintain name resolution.
You can then proceed to upgrade the existing environment, and have the extra benefit of the replicated system as a roll-back option.
The second option is to follow the path I describe for the vApp, only use a server-based installation. In this scenario all audit information will be available on the old system only.