The Challenge
NWS Digital develops autonomous security robots for industry, logistics, and critical infrastructure. The existing IoT platform from a third-party vendor had critical limitations:
- Vendor Lock-In: Deep dependency on Azure Entra ID and proprietary Azure services made switching providers practically impossible
- Scaling Issues: The existing backend couldn’t keep up with the growing robot fleet
- Security Gaps: Telemetry and video data was transmitted unprotected over the public internet
- No Portability: Customers with on-premise requirements couldn’t be served
What We Developed
innFactory rebuilt the entire cloud platform from the ground up - with the goal of maximum portability and security.
Cloud-Agnostic Architecture
The platform runs on Azure, AWS, Google Cloud, STACKIT, or any Kubernetes distribution - without code changes:
- Kubernetes-native microservices with Helm charts
- Interchangeable storage adapters (Azure Blob, S3, MinIO)
- Keycloak instead of proprietary identity provider
- GitOps deployment with Flux CD
Secure Communication via WireGuard
Each robot connects to the cloud via a dedicated WireGuard VPN tunnel:
- Point-to-point encryption between robot and backend
- No data over the public internet
- MQTT messaging through the encrypted tunnel
- Keycloak also authenticates VPN connections
Real-Time Video Streaming
- WebRTC for low-latency streaming under 50ms
- Browser-based access without client software
- User-based access control for camera feeds
- Recording and playback via Azure Storage
Identity & Access Management
- Keycloak as central identity provider
- OpenID Connect for all services
- Robots as machine-to-machine clients
- Fine-grained permissions per robot and stream
Technical Architecture
| Layer | Technology |
|---|---|
| Cloud | Azure (portable to AWS/GCP/STACKIT) |
| Container | AKS Kubernetes, Azure Container Registry |
| Network | Azure VNET, Load Balancer, NSG |
| Security | Azure Key Vault, WireGuard, Keycloak |
| Database | Azure Postgres Flexible, TimescaleDB |
| Monitoring | Azure Log Analytics, Grafana |
| Backend | Scala 3, Play Framework, Pekko |
| Frontend | TypeScript, Tailwind, shadcn/ui |
| Robot | Linux/ROS2, Custom Image |
| Deployment | Flux CD, GitHub Actions |
Our Services
- Architecture Design for multi-cloud portability
- Backend Development with Scala 3 and Play Framework
- Frontend Development with TypeScript and modern UI stack
- WebRTC Integration for real-time video streaming
- VPN Infrastructure with WireGuard
- Keycloak Setup including robot authentication
- Custom Linux Image for robot provisioning
- GitOps Pipeline with Flux CD
- 24/7 Operations and Site Reliability Engineering
The Results
The new platform enables NWS Digital to:
- Cloud Flexibility: Deployment on Azure, AWS, STACKIT, or on-premise
- Scaling: Expand robot fleets without architectural limits
- Compliance: GDPR, AI Act, and NIS2 compliant by design
- Real-Time Monitoring: Video latency under 50ms
- Automation: New robots provisioned in minutes
Related Services: Azure Cloud | IoT & Embedded | Multi-Cloud Strategy
