Hygiena's web platform was built on Acquia's managed PaaS — and it worked. The headless Drupal/Next.js platform we'd delivered in early 2023 was live, performant, and serving their global teams. But the infrastructure it ran on was becoming a problem.

The annual bill had reached $136,000, with $24,000 of that in monthly overage charges alone. Build times ran up to 90 minutes. Visit caps meant traffic spikes required manual intervention. There was no meaningful control over the infrastructure layer — Acquia's managed environment made that impossible by design.

The question wasn't whether to move. It was how to do it without disrupting a production platform serving a global life sciences business.

The first three weeks: no code

The single biggest decision was not touching anything. For three weeks we mapped, measured and planned. Which workloads ran when? What were the actual resource profiles versus the Acquia-declared limits? What would the Azure cost model look like at various capacity levels?

The output was a written architecture document with a prioritised delivery plan. That document set the order of everything that followed. Without it, we'd have been making expensive decisions based on guesswork.

We didn't touch production for the first three weeks. It felt unusual — but that's exactly why the next six months went well.

The build: 21 days to production-ready

The platform was designed and delivered from scratch in 21 days. The AKS cluster was architected for high availability across two Azure availability zones, with namespaced environments for dev, staging and production, and scale-to-zero for non-production workloads.

The full application stack — Drupal PHP-FPM, Next.js, Apache Solr, Varnish and Redis — was containerised and deployed with co-located services, eliminating the ISR build constraints of the Acquia environment. Azure Key Vault, Container Registry, Application Gateway, Azure Front Door and Azure Monitor were integrated across the stack. Security was implemented across multiple layers: Cilium network policy, RBAC, Entra ID integration and automated SSL/TLS via cert-manager.

ArgoCD was implemented as the GitOps engine. Istio was deployed as the service mesh for traffic management, mTLS encryption and telemetry. Prometheus and Grafana provided real-time observability and alerting.

The migration: one week, zero distruption

The production cutover was completed in one week with zero customer-facing disruption. Traffic was shifted progressively, with full rollback capability at every stage. The team at Hygiena saw no downtime. Their users saw no degradation.

The result

Annual hosting costs dropped from $136,000 to approximately $49,700 — a 63% reduction. The $24,000 monthly overage charges were eliminated entirely. Build times fell from up to 90 minutes to under 10 minutes. The platform now runs with no visit caps, full infrastructure control, and double the compute resources at a fraction of the previous cost.

Projected savings over three years: $207,500 against the legacy Acquia setup.

What we didn't do

We didn't move for the sake of moving. The decision to migrate was grounded in a clear financial and operational case, agreed with Hygiena's leadership before a line of infrastructure code was written.

We didn't sacrifice stability for cost. Every percentage point of saving was validated against performance and reliability requirements before it was committed.

We didn't hand it over and walk away. The engagement continues as an ongoing retainer covering infrastructure management, platform evolution and new product development.

Lessons that travel

Start with a clear picture of what you're running and what it costs. The map is cheap. The mistakes you avoid by having it are not.

A managed PaaS is the right choice at the right stage. At some point, the constraints it imposes cost more than the operational overhead it removes. Knowing when you've crossed that line is the work.

If you're looking at a similar situation — infrastructure costs that have grown faster than the business, or platform constraints that are starting to limit what you can deliver — you're welcome to get in touch. A 30-minute call is usually enough to see where the real gains are.