The Challenge
NWS Digital develops autonomous security robots for industry, logistics, and critical infrastructure. The existing IoT platform from a third-party vendor had critical limitations:
- Vendor Lock-In: Deep dependency on Azure Entra ID and proprietary Azure services made switching providers practically impossible
- Scaling Issues: The existing backend couldn’t keep up with the growing robot fleet
- Security Gaps: Telemetry and video data was transmitted unprotected over the public internet
- No Portability: Customers with on-premise requirements couldn’t be served
What We Developed
innFactory rebuilt the entire cloud platform from the ground up - with the goal of maximum portability, real-time capability, and security. From device provisioning through architecture and development to ongoing operations, we are your partner.
Cloud-Agnostic Architecture Without Vendor Lock-in
The platform runs on Azure, AWS, Google Cloud, STACKIT, or any Kubernetes distribution - without code changes:
- Kubernetes-native microservices with Helm charts
- Interchangeable storage adapters (Azure Blob, S3, MinIO)
- Keycloak instead of proprietary identity provider
- GitOps deployment with Flux CD
Real-Time Sensor Data Processing
At the core is processing all sensor data in real-time:
- Continuous capture from camera, lidar, and environmental sensors
- Immediate evaluation and response to detected events
- WebRTC for live video streaming on demand
- MQTT messaging for reliable telemetry transmission
Custom AI Models Per Environment
Through customer-specific AI models, robots can offer different capabilities in each environment:
- Trained models for specific surveillance scenarios
- Adaptation to industrial environments, logistics centers, or outdoor areas
- Detection of anomalies, persons, or hazardous situations
- Continuous improvement through feedback loops
Secure Connection via WireGuard VPN
Every robot is always securely connected via WireGuard VPN:
- Point-to-point encryption between robot and backend
- No data over the public internet
- MQTT messaging through the encrypted tunnel
- Keycloak also authenticates VPN connections
Identity & Access Management
- Keycloak as central identity provider
- OpenID Connect for all services
- Robots as machine-to-machine clients
- Fine-grained permissions per robot and stream
Technical Architecture
| Layer | Technology |
|---|---|
| Cloud | Azure (portable to AWS/GCP/STACKIT) |
| Container | AKS Kubernetes, Azure Container Registry |
| Network | Azure VNET, Load Balancer, NSG |
| Security | Azure Key Vault, WireGuard, Keycloak |
| Database | Azure Postgres Flexible, TimescaleDB |
| Monitoring | Azure Log Analytics, Grafana |
| Backend | Scala 3, Play Framework, Pekko |
| Frontend | TypeScript, Tailwind, shadcn/ui |
| Robot | Linux/ROS2, Custom Image |
| Deployment | Flux CD, GitHub Actions |
Our Services
- Device Provisioning with custom Linux image
- Architecture Design for multi-cloud portability without vendor lock-in
- Backend Development with Scala 3 and Play Framework
- Frontend Development with TypeScript and modern UI stack
- Real-Time Data Processing for all sensors
- Custom AI Models for environment-specific capabilities
- VPN Infrastructure with WireGuard
- Keycloak Setup including robot authentication
- GitOps Pipeline with Flux CD
- 24/7 Operations and Site Reliability Engineering
The Results
The new platform enables NWS Digital to:
- No Vendor Lock-in: Deployment on Azure, AWS, STACKIT, or on-premise
- Real-Time Monitoring: All sensor data processed in real-time
- Adaptive AI: Custom models for each customer environment
- Secure Connection: All robots encrypted via WireGuard
- Automation: New robots provisioned in minutes
- Compliance: GDPR, AI Act, and NIS2 compliant by design
Related Services: Azure Cloud | IoT & Embedded | Multi-Cloud Strategy
