060 279 5587 info@sitect.co.za 139 Davies Street, Doornfontein, Johannesburg, 2001 Gauteng, SA
🇿🇦 EN Client Portal →
Software · Legacy System Modernisation

Migrate old systems — without breaking everything.

PHP 5.6, Classic ASP, Visual Basic, on-prem Delphi, monolithic Java EE, ageing .NET 4. Whatever your legacy stack, we replace it piece by piece — with the business still running, the data preserved, and the rewrite never blowing the budget.

From R32k · scoped per build 3–9 months typical · phased Zero-downtime cutover
Scope a modernisation Audit my legacy system
Before · Legacy monolith
After · Modern modular stack
Mzansi-ERP-Production End-of-life
One monolith · everything coupled

Mzansi ERP PHP 5.6 · 2009

Orders
Customers
Invoicing
Inventory
Reports
Auth
Payments
Email
PHP 5.6 · no security patches since 2019
No tests · changes ship by prayer
One developer remembers the codebase
62% Migrated
Sitect-modernised platform 5 of 8 live
Composable · independently deployable
Orders service
LiveLaravel 12 · 99.9%
Customers
LiveLaravel 12 · 99.9%
Inventory
LiveNode + Postgres
Auth + SSO
LiveOAuth 2.0
Payments
LiveYoco · Stripe
Invoicing
Q3In flight
Reports / BI
Q4Planned
Email + Notif.
Q4Planned
5 modules migrated · 3 to go. The legacy ERP is still running for the 3 unmigrated modules — zero downtime to customers.
Why legacy systems become emergencies

The 4 ways legacy code silently bleeds your business

Legacy systems don't die in a single dramatic failure. They die from a thousand quiet cuts — until the day a new requirement, a security advisory, or a key-person resignation forces the rebuild that should have been planned three years earlier.

Cost 01

Every feature ships in twice the time it should.

The codebase is brittle and untested. Changes ripple unpredictably. Engineers tip-toe around modules they don't understand. What should be a one-week feature becomes a three-week archaeology project. The roadmap silently halves its throughput.

What it costs: half your engineering velocity, indefinitely.
Cost 02

You can't hire engineers who want to work on it.

"PHP 5.6 and Classic ASP, on Windows Server 2008" is a job advert that doesn't attract candidates. The team that still maintains it is shrinking, and replacing them takes 6 months and a 30% salary premium per person. Eventually one person knows the system, and they're a flight risk.

What it costs: escalating salaries, single-point-of-failure dependency, slow hiring.
Cost 03

The security advisories keep coming. You can't patch them.

PHP versions out of support. Frameworks that haven't shipped a release in 5 years. Libraries with known CVEs you literally cannot upgrade because the runtime is too old. The compliance officer is starting to ask uncomfortable questions.

What it costs: POPIA exposure, audit failures, eventual breach.
Cost 04

Three rewrite attempts already failed.

Big-bang rewrites have ~70% failure rate in the industry. We've seen it on the ground: 18-month "phase 1" projects that ship nothing, run out of budget, and leave the team back on the legacy system with three new architectures' worth of half-built code.

What it costs: R3-5M of budget, 18 months, team morale, the project's reputation internally.
The 3 ways to migrate

How we approach modernisation — and what we won't do

There are basically three patterns to retire a legacy system. The right one depends on the system, the business risk tolerance, and the budget. We'll tell you honestly which fits — and we'll talk you out of the wrong one.

1. Lift & shift

Move the legacy system to modern infrastructure (cloud, containers) without rewriting the code. Buy time, reduce hosting risk, defer the bigger decision.

Good for
  • Buying 12–18 months
  • Reducing hosting cost
  • Low-risk first step
Bad for
  • Solving the real problem
  • Long-term maintenance

2. Strangler-fig

Replace the legacy system one module at a time, with the new system and the old system running in parallel until each module is safely migrated. Low-risk, incremental, value every month.

Good for
  • Business-critical systems
  • Long-term success rate
  • Value every sprint
  • Easy to pause / scope
Trade-offs
  • Running 2 systems for a while
  • Slower than big-bang on paper

3. Big-bang rewrite

Build the entire replacement separately, then cut over in one go. Theoretically fastest. Industry failure rate ~70%. We rarely recommend it — and if we do, we'll tell you exactly why this case is different.

Good for
  • Very small, simple systems
  • Greenfield-style appetite
Bad for
  • Business-critical workloads
  • Anything with edge cases
  • Most real-world systems
How strangler-fig works

The 6-step strangler-fig pattern we use

The strangler-fig pattern, named after the rainforest tree that grows around a host until it stands on its own, is the safest way to replace a legacy system. Here's how we run it.

Why this pattern works

Big-bang rewrites fail because the replacement is built in the dark, against a moving target, with no production feedback. The strangler-fig pattern fixes all three problems: every module ships to production, you find the surprises early, and you can pause or pivot any time.

Crucially, the business keeps running — customers don't know a migration is happening. There's no "site down for upgrade" weekend, no "we'll get back to you next week" while we hand-fix data, no betting the entire roadmap on a single launch date.

Coined by Martin Fowler in 2004; battle-tested across thousands of migrations since.

1

Wrap the monolith with a facade

An API gateway sits between users and the legacy system, so we can intercept and route requests as modules migrate.

2

Pick the smallest, lowest-risk module

Often a read-only report or a low-traffic admin screen. Validate the migration mechanics on something safe.

3

Build the new version alongside

The new module reads from the same data store (or a synced replica). Both versions are live; the facade routes traffic.

4

Shadow-run, then route

Send 1% of traffic to the new module, compare outputs, fix discrepancies. Ramp to 100%. Decommission the old module.

5

Migrate data ownership

The new service takes ownership of its data. The legacy system reads via the new service's API. Coupling is reversed.

6

Repeat → retire legacy

Keep repeating module-by-module. When the last module migrates, the legacy system is decommissioned. The facade becomes the new app.

Stacks we modernise

From old to modern — what we've shipped

Every one of these migration pairs is something we've delivered on SA-based modernisation projects. We know the gotchas.

PHP 5.6 · CodeIgniter 2Custom MVC · 2009–2015
Laravel 12 · PHP 8.2Modern MVC · Inertia + Vue
Classic ASP / VB6IIS · Access · 1998–2008
.NET 8 · Blazoror Laravel + Inertia
.NET Framework 4.xWebForms · WCF · IIS
.NET 8 · Minimal APIContainers · cloud-native
Java EE · Struts · JSPWebLogic · 2005-era
Spring Boot 3 · K8sor Node / Laravel
Delphi / PascalOn-prem desktop · Firebird
Web app · Laravel/.NETPostgreSQL · cloud-hosted
jQuery · Bootstrap 3Server-rendered · spaghetti JS
Vue 3 · React · TailwindComponent-based · type-safe
MySQL 5.1 · AccessOut-of-support · no replication
PostgreSQL 16 · RDSMulti-AZ · backups · replicas
FTP deploys · cPanelManual · no rollback
GitHub Actions · ECSCI/CD · auto-rollback
Our 6 modernisation guarantees

What we commit to on every engagement

Modernisation projects fail when they break the business they're meant to save. These six commitments are how we make sure that doesn't happen.

1. Zero customer-visible downtime

Migration runs alongside the live legacy system. Customers don't see "site under maintenance" pages — every cutover is silent.

2. Value every sprint

Every 2-week sprint ends with something live — a migrated module, a measurable speed-up, a removed risk. Never "the rewrite will be done in 9 months".

3. Reversible at every step

Each module migration includes a documented rollback plan. If something looks wrong in production, we route back to legacy in minutes.

4. Data preserved, audited, reconciled

Every migrated record gets a reconciliation report. We sample, diff, and verify. Nothing gets quietly lost or transformed without us catching it.

5. Your team takes over

We pair-program, code-review, write ADRs, and run knowledge-share sessions throughout. The system is yours to run, not ours to lease.

6. POPIA-compliant from day one

Modernisation is the chance to bake in the compliance the legacy system never had: data-export, deletion, audit logs, encryption, retention.

What walks away with you

Everything in the handover package

The new system, the documentation, the runbooks, the team training. You own everything from day one — modernisation is a hand-off, not a hostage situation.

Modern application code

Every migrated module written in modern, idiomatic, tested code. MIT-licensed, in your repo. Boring mainstream tech your team or any agency can pick up.

Cloud infrastructure

Terraform-defined AWS Cape Town infrastructure with CI/CD pipelines, observability, backups, secrets management — POPIA-friendly by default.

Migration playbook

A detailed playbook documenting every module migration: source/target schemas, reconciliation reports, cutover steps, rollback procedure, ADRs.

Test suites

Unit + integration + characterisation tests of legacy behaviour, regression tests on migrated modules, CI gates that prevent breaking changes.

Observability stack

Sentry, Datadog (or Grafana), CloudWatch dashboards, SLO definitions, on-call alerts. You see problems before customers do.

90-day defect warranty

Any defect we introduce, we fix free for 90 days post-final-migration. We pair-program with your team to ensure handover sticks.

How an engagement runs

The 6-phase modernisation programme

Most modernisations run 3–9 months depending on scope. Every phase has explicit go/no-go gates — you can pause, pivot, or stop at any boundary.

1

Discovery & archaeology

Audit the legacy system, map the modules, document the data, interview the people who know it. Produce a system inventory + migration order.

Weeks 1–3
2

Foundation & facade

Stand up the modern infrastructure (AWS, Terraform, CI/CD, observability) and the API facade that will route traffic between old and new.

Weeks 4–6
3

First module migration

Migrate the smallest, lowest-risk module end-to-end. Validate the strangler-fig mechanics on something safe. Establish the team rhythm.

Weeks 6–10
4

Sustained module migration

Sprint by sprint, module by module. Each sprint ends with something live. Mid-engagement re-prioritisation based on what we've learned.

Months 3–7
5

Data ownership reversal

Modern services take primary ownership of their data. Legacy now reads via new APIs. Coupling is fully inverted.

Months 6–8
6

Legacy decommission + warranty

Final module migrates. Legacy system shut down. 90-day warranty + on-call coverage starts. Knowledge transfer to your team completes.

Month 9+
What modernisation earns

The compounding gains of escaping legacy

Indicative figures across SA modernisation projects, measured 12 months post-final-cutover. The biggest gains are silent — incidents that never happened, features that shipped on time.

3.1×
Feature throughput
Velocity vs legacy baseline
−71%
Hosting + licensing cost
Cloud + open-source vs on-prem
0
Customer-visible outages
During phased migration
100%
POPIA-compliant on launch
Audit logs · export · delete
Indicative pricing — ZAR, ex VAT

Three engagement shapes

Every modernisation is scoped per system — these are the bands we usually land in. 25% on signature, 25% on phase-2 demo, 25% on first migration, 25% on final decommission.

Legacy Audit

Full system review + migration roadmap
R7 000 · once-off
10 working days · graded report
  • 80-point legacy-system scorecard
  • Module dependency map
  • Risk & security assessment
  • Recommended migration approach
  • Phased roadmap + indicative budget
  • Audit fee credits if you commission a migration
Order an audit

Strangler-Fig Migration

Phased modernisation · 4–8 modules
From R32 000 · ex VAT
4–6 months · 90-day warranty
  • Discovery + facade + infrastructure
  • 4–8 module migrations
  • Data reconciliation on each module
  • AWS Cape Town + Terraform + CI/CD
  • Observability + on-call alerts
  • Pair-programming with your team
Scope a Strangler-Fig

Full Modernisation

Complete platform · 9+ modules · enterprise
POA
From R80 000 · 6–12 months
  • Complete legacy decommission
  • 9+ module migrations
  • Database modernisation + replication
  • SSO · audit-log · compliance
  • Embedded engineering pod
  • 6-month retained ops post-launch
Talk to us about Full
FAQ

The questions we get asked most

Honest answers about cost, timelines, risk, and how to know if it's genuinely time to modernise.

How do we know if we should modernise now — or wait?
Four signals: (1) the language/framework is out of security support, (2) you can't hire engineers willing to work on it, (3) every feature ships in 2× the time it should, (4) compliance is starting to ask uncomfortable questions. Two or more of these and modernisation should be on this year's plan. All four and it's overdue. The Legacy Audit (R7k) gives you a graded scorecard if you want a second opinion before committing.
Why not just rewrite everything from scratch?
Big-bang rewrites have a ~70% failure rate in published studies and roughly the same on the ground in SA. They fail because the rewrite is built in the dark against a moving target, runs out of budget before reaching parity, and leaves the team back on the legacy. The strangler-fig pattern ships value every sprint and lets you pause or pivot — which is why we default to it.
Can the business keep running during migration?
Yes — that's the entire point of the strangler-fig pattern. The legacy system keeps running for unmigrated modules. The new modules run in parallel for theirs. Customers don't see a "maintenance" page, ever. The only visible change is that pages start being faster, more reliable, and more polished over time.
What if we run out of budget midway?
Strangler-fig makes this OK in a way big-bang doesn't. Every migrated module is independent and live. You can pause the programme indefinitely and still keep the modules you already migrated. The legacy system continues serving the remainder. We've actually had clients pause for 4 months to fund growth and resume later — the half-migrated state is stable.
Will my team learn the new stack?
Yes — explicit goal. We pair-program with your engineers, code-review their PRs, write ADRs documenting every architectural choice, and run weekly knowledge-share sessions. By the end of the engagement they should be running the system without us. We've seen multiple clients exit retainers because their team was ready to own it themselves — that's a healthy outcome.
What if the legacy code has no documentation at all?
That's normal. Phase 1 of every engagement is archaeology — reading code, interviewing the people who maintained it, running it under observability to see what it actually does. We use characterisation tests to lock in current behaviour before changing it, so we don't accidentally "fix" a bug that the business actually depends on.
What happens to our data?
It moves with care. We script migrations idempotently, run reconciliation diffs after every load, sample-verify with the business, and never delete a source record until the destination has been verified. We've migrated millions of customer records, decade-old order histories, and audit-sensitive SARS data without losing a row.
Can you take over a stalled rewrite that another agency started?
Often, yes. We've rescued three of these in the last 18 months. We audit what exists, decide what to keep vs throw away, document what was learned, and re-plan as a strangler-fig from where you are. It's rarely a clean inheritance, but a stalled rewrite isn't always wasted — sometimes 30–40% of the work is salvageable.

Tell us about your legacy system — we'll tell you honestly when to modernise.

Send us a description of your current stack, the modules, the team that maintains it, and the friction you're hitting. We'll come back with a 45-min audit call, a recommended approach, and an indicative budget.

Scope a modernisation Audit my legacy system