.png)
A 14-year-old government platform was modernised to support AI capabilities without disrupting live operations across 6 dependent agencies.
A state government department responsible for managing professional licensing, regulatory compliance reporting, and public records access across six agencies had been operating on a platform originally built in 2009 on a now-unsupported technology stack — a monolithic ASP.NET Web Forms application running on SQL Server 2012 with no API layer, no modern authentication framework, and a deployment process that required a full application restart to release any change. The platform served 340,000 registered users across the six agencies, processed 1.2 million transactions annually, and had not had a major architectural update since 2014.
The department's technology leadership had identified three specific consequences of the legacy architecture that were no longer acceptable. First, the platform could not support any of the AI capabilities the department had approved for investment — its data architecture was incompatible with modern ML infrastructure. Second, two of the six agencies had been issued statewide cybersecurity directives requiring multi-factor authentication implementation within 18 months — a requirement the platform's authentication framework could not meet without a complete rewrite. Third, the platform's SQL Server 2012 instance was reaching end-of-extended-support, after which Microsoft would issue no further security patches.
Verttx was engaged to modernise the platform systematically — replacing the technology stack, introducing a modern API layer, migrating to cloud infrastructure, and enabling AI capability — without disrupting the six agencies that depended on the platform daily. The engagement ran for 18 months and was completed with zero hours of unplanned downtime.
The platform's technical debt had accumulated across 14 years in ways that made any single change risky. The codebase contained 847,000 lines of code across 2,340 files, the majority of which had no unit tests and no inline documentation. Three developers who had written significant portions of the original codebase had left the department between 2016 and 2020. Business logic was embedded directly in SQL stored procedures — 1,140 of them — with no separation between data access and application logic. Changing any significant system behaviour required understanding dependencies that were nowhere documented and could only be discovered by reading code that had been written under time pressure a decade earlier.
The deployment risk was the most immediate constraint on any modernisation approach. The platform ran 24 hours a day, seven days a week. Licensing examiners in one agency worked evening shifts. Public records requests could be submitted at any hour. The regulatory compliance reporting system for a third agency had a statutory obligation to accept submissions at all times during open reporting windows. A big-bang replacement — taking the old system down, migrating to the new one, and bringing it back up — was operationally and legally unacceptable. The modernisation had to happen while the platform kept running.
The department had attempted a modernisation once before, in 2019. That engagement — with a different vendor — had been terminated after 11 months having consumed $1.4 million in budget and produced no deployable output. The department's CIO had specific requirements for the second attempt: a phased delivery approach with working software at every stage, contractual milestones tied to deployed functionality rather than completed documentation, and a technical audit of the previous vendor's work before any new development began.
Verttx began with a six-week technical audit of the existing codebase, the 1,140 stored procedures, the data schema, and the incomplete work from the previous engagement. The audit produced a dependency map of the 847,000-line codebase — identifying which components were safe to replace in isolation, which were deeply entangled with other system behaviour, and which of the previous vendor's incomplete work was worth preserving versus discarding. Of the previous vendor's output, 34% was incorporated into the new architecture after refactoring. The remaining 66% was discarded. The audit also identified 14 undocumented business rules embedded in stored procedures that had no external documentation and that the department's operations team had not known were being enforced by the database layer.
Verttx used a strangler fig pattern to modernise the platform incrementally without a big-bang replacement. A new API layer was built alongside the existing application, initially proxying requests to the legacy system while the new microservices were built behind it. As each new service reached production readiness, traffic was migrated from the legacy system to the new service — one functional domain at a time — with the legacy system remaining live as a fallback until each migration was validated. The six agencies never experienced the platform going away. They experienced individual features improving while everything else continued to work exactly as before.
The migration sequence was determined by the dependency map produced in the audit: lowest-risk, lowest-dependency components first; highest-traffic, highest-dependency components last. Public records search was migrated first — a relatively self-contained function with no write operations and straightforward rollback if problems emerged. The regulatory compliance reporting system — the most complex, most legally constrained, and most operationally critical component — was migrated last, after the team had 14 months of production experience with the new architecture and had built comprehensive confidence in its stability.
The MFA requirement was addressed as part of the authentication service modernisation — replacing the legacy forms-based authentication with an OAuth 2.0 / OpenID Connect framework integrated with the state's existing identity provider. The migration enrolled all 340,000 registered users in MFA without requiring them to re-register their accounts. Users were migrated through a rolling enrolment process over eight weeks, with agency-specific communication campaigns preceding each cohort's migration date. The two agencies under the cybersecurity directive met their MFA compliance deadline with six weeks to spare.
The new platform's data architecture was designed from the start to support the AI capabilities the department had approved. The SQL Server 2012 monolith was replaced with a modern cloud database layer — PostgreSQL for transactional data, a separate analytical data warehouse for reporting and ML workloads, and a real-time streaming pipeline connecting operational events to the analytical layer. This separation of transactional and analytical workloads — which the previous architecture had not made — is the foundational requirement for training ML models on operational data without impacting system performance. The first AI capability built on the new architecture — a document completeness prediction model for the licensing agency — reached production six weeks after the platform modernisation was complete.
The 18-month engagement completed on schedule and within the approved budget. Zero hours of unplanned downtime occurred across live operations throughout the engagement — a record the department's CIO highlighted specifically in the post-implementation review as the outcome that had seemed least achievable at the start. All six agencies operated continuously throughout the modernisation. No statutory obligation was missed. No agency had to file a service disruption report with the state IT governance office.
The MFA compliance requirement was met for both affected agencies six weeks ahead of the cybersecurity directive deadline. The SQL Server 2012 end-of-support migration was completed four months before the support expiry date. The platform's deployment process, previously requiring a full application restart that took 40 minutes and had to be scheduled during low-traffic windows, was replaced with zero-downtime deployments that complete in under 90 seconds — reducing the department's release cycle from monthly to weekly.
System performance improved materially across every measured dimension. Average API response time fell from 2.8 seconds to 340 milliseconds. Page load time for the platform's most-used public-facing screens fell from 4.1 seconds to 0.9 seconds. Infrastructure cost fell by 34% through right-sized cloud resource allocation replacing the over-provisioned on-premise servers the old system had required. The first AI capability — the document completeness prediction model — went live six weeks after platform completion and reduced incomplete submission rates for the licensing agency by 41% in its first quarter of operation.
The modernised platform — all microservices, the complete infrastructure-as-code specification, the CI/CD pipeline, and the full technical documentation covering every architectural decision made during the 18-month engagement — was transferred to the department's engineering team at handover, giving them complete ownership of a system they fully understand.
We had been burned once before on a modernisation that consumed a year and a million dollars and produced nothing deployable. Verttx started with an honest audit of what we had — including what the previous vendor had left behind — and delivered working software at every stage. The platform is running better than it ever has. The agencies never felt a disruption. — Chief Information Officer, State Government Department
.png)
18-month engagement completed on schedule and within budget with zero hours of unplanned downtime. Both agencies under cybersecurity MFA directives met compliance deadlines six weeks early. Deployment cycle reduced from monthly to weekly with zero-downtime releases completing in under 90 seconds. Average API response time fell from 2.8 seconds to 340 milliseconds. Infrastructure cost reduced by 34%. The first AI capability built on the new architecture went live six weeks after platform completion and reduced incomplete submission rates by 41% in its first quarter.
.png)
.png)
