A clinical operations platform serving hospitals on three continents was running on a single Frankfurt VM. We moved them to active-active Kubernetes across EU, US, and APAC in nine months, with HIPAA and GDPR controls baked into the infrastructure-as-code.
faster API responses globally
800ms → 40ms median
Client
Series B clinical operations platform
Timeline
9 months (architecture + build + migration + audit support)
Team
4 engineers, 1 architect, 1 SRE, 1 security engineer
Engagement
Migration project, fixed scope with weekly steering committee
A Series B clinical SaaS company had outgrown its origin story. The platform — built quickly to win the first 50 hospital customers — ran on a single beefy VM in Frankfurt with daily snapshots and a hopeful disaster-recovery plan. As US and Australian customers came online, latency complaints became deal-blockers and enterprise procurement teams started asking pointed questions about data residency.
Multi-region active-active was the only design that solved both the latency and data-residency problems simultaneously. We treated HIPAA + GDPR controls as part of the infrastructure code, not a layer added afterward.
01
Three regions (eu-central-1, us-east-1, ap-southeast-1) on EKS with PostgreSQL logical replication, Redis edge cache, and CloudFront-based traffic routing. Data residency rules baked into routing — EU customer data never leaves the EU plane, full stop.
02
HIPAA and GDPR controls written into Terraform modules: encryption at rest and in transit, audit logging, key rotation schedules, BAA-aligned access controls, role separation. Auditors get a Terraform plan, not a PDF.
03
PostgreSQL primary in EU with logical replication to regional read replicas. Region-local writes for non-PHI data; PHI writes routed to the appropriate residency region. Connection pooling via PgBouncer per region.
04
Refactored the application's data access layer to be region-aware — every read served locally, writes routed by data classification. Roughly 8% of the codebase touched, with comprehensive integration tests for the routing logic.
05
Migrated customers in five cohorts over six weeks, starting with the smallest accounts. Each cohort got a one-week soak period before the next moved. Zero data-loss incidents, two minor rollbacks for unrelated config issues.
06
Full active-active DR drill (intentional region failure with traffic shifted) before the audit. HIPAA and GDPR audits ran in parallel; both closed without findings. Engineering team trained on the new operational model.
faster median API responses
800ms → 40ms globally
SLA delivered over 12 months post-launch
active-active regions with sub-4-minute RTO
audit findings across HIPAA and GDPR re-certifications
of the codebase touched to support region-awareness
The three EU enterprise deals that had been blocked on data-residency questions closed within 90 days of the EU plane going active. US enterprise growth accelerated visibly once latency stopped being an objection — three of the five largest US customers in the company's history signed in the year following the migration.
The disaster-recovery story is no longer hopeful. The team runs a quarterly intentional region failure (a failed-region day, not a game day) — full traffic shift, real customer requests, recovery measured in minutes, not hours. Auditors love it.
We continue to support the platform on a fractional-SRE basis — roughly 0.5 FTE of senior infrastructure capacity that scales up and down with their needs.
01
Architecture & compliance design
Multi-region topology, data-residency rules, HIPAA/GDPR control mapping, target IaC structure.
02
Foundation build
EKS clusters in 3 regions, Terraform modules, ArgoCD, observability, encryption + audit logging baseline.
03
Application refactor
Region-aware data access layer, integration tests, performance benchmarking against the legacy.
04
Phased customer cutover
Five cohorts, smallest first. One-week soak per cohort. Zero data-loss incidents.
05
DR drill, audit, stabilization
Active-active DR exercise, HIPAA + GDPR re-audits, on-call rotation handover, runbook authoring.
05
Infrastructure that doesn't keep you up at night. AWS, GCP, Azure. Kubernetes when it earns its place. CI/CD with rollback. Cost-aware from day one.
Learn more01
End-to-end web applications — from API design to deployment pipelines. React, Next.js, Node.js, and the rest of the stack you'll actually run in production.
Learn more02
Bespoke business systems built around the workflow you actually have, not the one a generic SaaS forces on you.
Learn moreStrangler-fig migration from a PHP monolith to a Node.js microservices platform on Kubernetes. p95 latency dropped from 1.8s to 320ms, PCI-DSS audit passed, transaction headroom 4×.
A 12-person ops team manually classifying 800+ shipping documents a day became a 4-engineer + LLM pipeline doing it in minutes, with a 0.3% error rate. Customs holds dropped 80%.
Most engagements start with a 30-minute discovery call. No pitch deck, no NDAs on day one — just an honest conversation about your situation.
Schedule a Call