Nikola Kovačević
June 2025

Opella Infrastructure Carve-Out

Led the infrastructure separation for Opella's spin-off from Sanofi, isolating 53+ manufacturing and commercial sites across four Azure landing zones with zero business disruption.

Problem

Sanofi spun out Opella as a standalone consumer health company. The IT estate was deeply entangled: shared ERPs, hybrid infrastructure, no standalone security posture. 53+ manufacturing and commercial sites needed isolation. The TSA clock was ticking. Regulators and production lines do not forgive downtime.

Outcome

Designed and deployed four Azure Landing Zones with hardened IaaS, an Internet-facing DMZ, and full Infrastructure-as-Code via Terraform and Ansible. Built the migration governance framework that steered the entire separation program. Led the technical decision-making for Cloud Infrastructure, Active Directory, and Observability workstreams.

Impact

Zero business-disrupting incidents during site cutover. 70% risk reduction on carve-out deliverables. EUR 1.5M in annual run-cost savings. Infrastructure provisioning time dropped 85%.

Carve-outs are ugly. You are not just moving data. You are splitting a living organism while it is still running. One wrong cut and a manufacturing site goes dark.

Opella’s separation from Sanofi was one of the largest pharma carve-outs in recent years. I led the infrastructure work.

The scope

Fifty-three plus sites. Four Azure landing zones. Hundreds of applications. Sixteen thousand users. And a Transition Services Agreement that did not care about our technical debt.

I structured the program around the workstreams I owned:

  1. Cloud Infrastructure: Azure Landing Zone and DevOps platform.
  2. Active Directory: A completely new forest, because you cannot be an independent company logging into your parent’s domain.
  3. Observability: You cannot operate what you cannot see.

Landing Zone design

I ran the design through three phases: Plan and Mobilize, Design, and Build. We validated requirements against the Cloud Impact baseline and Microsoft frameworks. The result was a hardened landing zone with Resource Organization, Tenant Configuration, and full IaC assets.

Key decisions I pushed:

  • Hardened IaaS components by default. No soft defaults because we were in a hurry.
  • Internet-facing DMZ tailored to Opella’s security needs, not a copy-paste of Sanofi’s.
  • GitHub and CI/CD pipelines separated from Sanofi’s organization, with SonarCloud integrated from day one.
  • Infrastructure-as-Code via Terraform and Ansible. Manual provisioning at 53 sites is a guarantee of inconsistency.

Governance

I built the migration governance framework that the entire program used. This was not just infrastructure. It was risk management. Every cutover decision went through a technical advisory board. Every site had a rollback plan. We did not gamble.

The result

Zero business-disrupting incidents. That is the only metric that mattered. Everything else, the EUR 1.5M savings, the 85% provisioning time reduction, the 70% risk drop, is secondary. When you are splitting a pharma company, the factory lines must keep running. They did.