The Anatomy of a Sovereign Business Platform: How Nextcloud, Zammad, and Others Integrate

When building a modern IT infrastructure today, one faces a strategic decision: either buy into the convenience (and dependency) of large US SaaS monoliths, or build a sovereign platform. However, “self-hosting” has long sounded like a risky DIY project to many IT managers—characterized by manual updates, security gaps from forgotten patches, and unstable scripts.

A different approach is demonstrated by the architecture of a technical service provider with 180 employees. Here, software wasn’t simply installed on servers. An orchestrated platform architecture was created, which feels like a modern cloud solution but operates entirely under one’s own control in German data centers. The technological core of this freedom is Managed Kubernetes.

1. The Foundation: Kubernetes as the “Cloud Operating System”

Instead of running applications like Nextcloud, Zammad, or Mattermost on isolated virtual machines (VMs)—which often leads to “server sprawl”—all services run as containers in a Kubernetes cluster. This fundamentally changes the role of IT management: from “server firefighter” to platform strategist.

• Self-Healing & High Availability: In a classic VM structure, a web server crash often means downtime until an admin intervenes. Kubernetes, on the other hand, monitors the health of each individual service. If a process crashes, the affected container is restarted within milliseconds.
• Zero-Downtime Updates: Maintenance windows on weekends are a nightmare for any IT department. With Kubernetes, updates are applied “rolling.” The system brings up the new version, checks its accessibility, and only switches traffic once the new instance is running stably. Operations continue seamlessly.

2. Data Logistics: Centralized Storage and Automated Security

In a sovereign architecture, data is not scattered across the silos of US providers but resides on a controlled storage layer.

• Persistence & Performance: Documents, ticket attachments, and chat histories are stored on encrypted high-performance volumes. Since the infrastructure is located in certified German data centers, physical access is strictly regulated and GDPR-compliant.
• Infrastructure Backups: Instead of backing up each application with individual scripts, backups occur at the infrastructure level. Snapshot-based backups secure the entire state of the platform (databases and file systems) and transfer them encrypted to a geographically separate secondary location. In case of emergency, a “full recovery” is possible in a very short time.

3. The Integration Layer: The End of Silo Mentality

The true added value for the technical service provider did not come from the tools themselves but from their networking. Through standardized APIs and webhooks, the components were woven into a seamless workflow:

• Central Identity Management (Authentik): Employees use a single login (Single Sign-On) for all applications. IT management controls access centrally through roles (RBAC). If an employee leaves the company, access is revoked in one place—and all 10+ business apps are immediately locked.
• Event-Based Workflows: The platform “thinks” along. If a job is created for a specific customer in the ticket system (Zammad), the system automatically triggers the creation of a matching project folder in Nextcloud and opens a temporary deployment channel in Mattermost.
• Integrated Signature Processes: A maintenance report is digitally created in the field, presented for signature via Docuseal, and lands back in the project archive without manual intervention after signing. No data leakage, no media disruption.

4. Managed Services: Sovereignty Without Operational Pain

For the IT manager, this setup means: they have full control over the location, legal framework, and configuration of their data without having to worry about the detailed administration of hardware or operating systems.

By operating as a Managed Service, ayedo takes on the “heavy lifting”—monitoring, security patching, load balancing, and ensuring availability. The company enjoys the strategic advantages of a private cloud while the operational burden is externalized like a SaaS solution.

Conclusion: The Modern Answer to Regulatory Pressure

A sovereign business platform based on Kubernetes is the logical response to increasing pressure from NIS-2 and the need for independence from US price hikes. It offers IT managers an architecture that is not only secure and compliant but also significantly enhances the operational efficiency of the entire company. Sovereignty here is not a compromise but a technological upgrade.

FAQ

Why is Kubernetes better than classic virtualization for business apps? Kubernetes is designed for scalability and automation. While a VM includes a complete operating system and is cumbersome, containers are lightweight. Kubernetes automates the management of these containers, reducing error rates and optimizing the utilization of expensive server resources.

How secure is remote access for field staff? Access is via encrypted connections (TLS) and protected by central identity management (Authentik). We also implement modern security standards like Multi-Factor Authentication (MFA), making mobile access to project data more secure than many standard cloud solutions.

Can we integrate our existing software landscape? Yes. Since the platform is based on open standards (Docker/Kubernetes) and protocols (OIDC/SAML/REST-API), existing specialized applications or ERP systems can usually be integrated or even fully migrated into the cluster without issue.

What happens in the event of a complete site failure? Through automated offsite backup to a separate location, we can restore the entire platform in another data center. Since the configuration is “as code,” this disaster recovery process is highly automated and reliable.

How does ayedo assist in designing such an architecture? We act as both architect and construction manager. We analyze your current “SaaS silos,” design the appropriate target infrastructure on Managed Kubernetes, and carry out the migration of your data. Subsequently, we ensure the smooth 24/7 operation of your new, sovereign platform.