Hybrid architecture for a national association
Designing a hybrid platform mixing Proxmox on-premise (sensitive data) and Kubernetes in the cloud (public services), with a secure link between the two.
Context
A national non-profit in the healthcare sector hosted all its applications with a long-standing provider, with a bill that kept growing and almost no exit strategy. The platform handled highly sensitive patient data under strict HDS / GDPR requirements.
The goal: take back control, keep critical data in France on infrastructure we own, while exposing public services in an agile cloud.
Work delivered
- Mapping of flows and classification of data (sensitive vs public)
- Proxmox cluster of 3 nodes in a French HDS-certified datacentre for patient data
- Kubernetes cluster (public cloud, France) for the exposed web services
- Site-to-site IPsec tunnel between the two environments + WireGuard mesh for the ops team
- Distributed Ceph storage on-premise (3x replication, encrypted off-site backups)
- 3-2-1 backup policy with monthly restore tests
- Full runbook documentation + incident procedures
Outcome
- HDS / GDPR compliance validated in the annual audit
- Annual costs reduced by ~40% at equivalent scope
- Disaster recovery plan tested twice a year, RTO < 4h
- Internal team (2 people) self-sufficient on Proxmox and Kubernetes after 6 months
Stack
Proxmox · Ceph · Kubernetes · Cilium · WireGuard · Ansible · Terraform · Vault