NETWAYS Web Services

Central Observability Platform

Metrics. Logs.
Telemetry.
Made in Germany.

An open-source, sovereign, and horizontally scalable monitoring platform — custom-tailored for your infrastructure, hosted in German data centres, and fully compliant with European data protection law.

Digital Sovereignty GDPR-Compliant Open Source Hosted in Germany 🇩🇪

The Challenge

Observability is broken for European enterprises.

🔒

Data Sovereignty at Risk

Grafana Cloud, Splunk, Datadog — your operational data flows to US hyperscalers, subject to the US CLOUD Act. No way around it.

💸

Unpredictable Costs

Per-seat licensing, per-GB ingestion fees, egress charges. Bills explode as you grow. Splunk can reach €100k+/year for mid-sized teams.

🔗

Vendor Lock-In

Proprietary query languages, closed APIs, and migration barriers trap you in ecosystems you never chose.

📋

Compliance Pressure

DSGVO, NIS2, BSI IT-Grundschutz, TISAX — regulators demand full control over where your data lives and who can access it.

🏗️

One Size Fits Nobody

Generic SaaS platforms force you to adapt your workflows to their product — not the other way around.

✅

There is a better way

A platform designed for European enterprises — open, sovereign, and built around your requirements.

Our Solution

A sovereign observability platform,
custom-built for you.

🇩🇪

Hosted in Germany

Your data never leaves German soil. Rechenzentren in Frankfurt and Nürnberg, operated under German law.

📐

Custom-Tailored

Every deployment is shaped around your team, your stack, and your SLAs — not a generic template.

🔓

100% Open Source

VictoriaMetrics, Grafana, Keycloak, Fluent Bit — auditable, forkable, zero proprietary dependency.

⚡

High Performance

VictoriaMetrics ingests millions of data points per second with 10× better compression than Prometheus.

📈

Horizontally Scalable

Kubernetes-native horizontal scaling — from small teams to petabyte-scale enterprise deployments.

🛡️

Managed & Operated

NETWAYS runs the platform end-to-end — updates, backups, alerting, 24/7 ops. You focus on your product.

Architecture

High-Level Architecture

Your Applications · Kubernetes Workloads · Bare Metal

↓ metrics · logs · traces (OTLP / Prometheus / FluentBit)

Envoy Gateway · TLS Termination · Rate Limiting

↓ auth

↓ metrics

↓ logs

Keycloak
SSO / OIDC / RBAC

VictoriaMetrics
TSDB · Operator

VictoriaLogs
Log Storage

↓ query · visualise · alert

Grafana · Dashboards · Alerting · Reports

🔒 All within: Managed Kubernetes on NWS · Germany · GDPR

🔐 Zero-Trust Security

Every request authenticated via Keycloak OIDC. mTLS between services. Network policies enforced by the Kubernetes operator.

🔄 GitOps-Managed

All platform configuration lives in Git. Reproducible, auditable, rollback-ready deployments via Kubernetes operators.

📦 Multi-Tenant Ready

VMAuth provides per-team, per-application access control on a shared or dedicated cluster footprint.

🌐 API-First

Full Prometheus-compatible API. OpenTelemetry-native. Drop-in replacement for existing monitoring stacks.

Platform Components

Best-of-breed open-source stack

📊

VictoriaMetrics

High-performance time-series database. Prometheus-compatible remote write & query API. Supports VMSingle (small) and VMCluster (sharded, HA) topologies.

metrics PromQL MetricsQL

📋

VictoriaLogs

Efficient log storage engine from the VictoriaMetrics family. Accepts logs from Fluent Bit, Logstash, Promtail. LogsQL for powerful querying.

logs LogsQL Fluent Bit

🔔

VMAlert

Alerting engine integrated with the VictoriaMetrics operator. Prometheus-compatible alert rules, routed via Alertmanager to Slack, PagerDuty, email.

alerting Alertmanager

📈

Grafana

Unified visualisation layer for metrics, logs, and traces. 500+ community dashboards, SLO tracking, incident management, and PDF reporting.

visualisation dashboards SLO

🔑

Keycloak

Enterprise-grade identity & access management. OIDC, SAML, LDAP federation. Fine-grained RBAC per team and per data source.

auth OIDC SAML LDAP

🌐

Envoy Gateway

Modern Kubernetes Gateway API implementation. TLS termination, Let's Encrypt automation, rate limiting, and advanced traffic management.

networking TLS Gateway API

Comparison

Why not Grafana Cloud
or Splunk?

Feature	NETWAYS Platform	Grafana Cloud	Splunk	Datadog
Data hosted in Germany	✅ Always	❌ US/EU optional	❌ US primary	❌ US primary
GDPR / BSI compliance	✅ By design	⚠️ Partial	⚠️ Complex	⚠️ Complex
Pricing model	✅ Resource-based	Per series/logs GB	Per GB ingested	Per host + per GB
Vendor lock-in	✅ None (open source)	Medium	High	High
Custom tailoring	✅ Full	Limited	Limited	Limited
On-premise option	✅ Yes	❌ No	✅ Yes (expensive)	❌ No
Prometheus-compatible	✅ Native	✅ Yes	⚠️ Via adapter	✅ Yes
OpenTelemetry support	✅ Native	✅ Yes	✅ Yes	✅ Yes

Use Cases

Built for every observability challenge

☸️

Kubernetes & Cloud-Native Monitoring

Node and pod resource utilisation
Deployment health, rollout tracking
PVC usage, network throughput
Custom CRD metrics via kube-state-metrics

🏭

Application Performance Monitoring

Request rates, error rates, latency (RED)
SLO / SLA tracking with burn-rate alerts
Distributed tracing via OpenTelemetry
Synthetic monitoring integration

🔐

Security & Compliance Logging

Audit log centralisation (Kubernetes, SSH, app)
Anomaly detection on log patterns
Tamper-evident log retention
SIEM integration via log forwarding

🏗️

Infrastructure & Bare-Metal

Physical server metrics via node_exporter
SNMP / IPMI / hardware sensor collection
Multi-site, multi-DC aggregation
VMware / Proxmox integration

📊

Business & Product Metrics

Custom event tracking from any application
Sales funnel, conversion, and revenue KPIs
Scheduled PDF reports for management
Multi-team dashboards with RBAC

🔄

CI/CD & DevOps Pipelines

Build duration and failure rate tracking
Deployment frequency and lead time (DORA)
Test coverage and quality gate metrics
GitLab / GitHub Actions integration

Integrations

Works with your entire ecosystem

Data Ingestion

Prometheus remote_write OpenTelemetry (OTLP) Fluent Bit Fluentd Logstash Telegraf Datadog Agent InfluxDB Line Protocol Graphite Loki Push API Elastic Beats Syslog / RFC5424

Identity & Access

Active Directory / LDAP SAML 2.0 OIDC / OAuth2 Azure AD / Entra Google Workspace GitHub SSO

Alerting & Incident Management

PagerDuty OpsGenie Slack Microsoft Teams E-Mail / SMTP Webhook Icinga 2

Infrastructure & Platforms

Kubernetes (any distro) VMware vSphere Proxmox AWS CloudWatch Azure Monitor GCP Cloud Monitoring Hetzner Cloud SNMP / IPMI OpenStack

Developer Tooling

GitLab CI GitHub Actions ArgoCD Flux Helm Terraform Ansible

          Prometheus-compatible drop-in.

          Any existing Prometheus scrape config, recording rule, or alert rule works without modification. Migration from existing stacks is seamless.

Scalability

Scale from startup
to enterprise — seamlessly.

🏢 VMSingle — Start Small

Single-node deployment. Perfect for teams getting started. Handles millions of time series with low resource footprint. Zero operational overhead.

10M+

active time series

10×

better compression

🏭 VMCluster — Enterprise Scale

Horizontally sharded architecture with independent scaling of ingestion (vminsert), storage (vmstorage), and query (vmselect) layers. No rebalancing downtime.

1B+

time series

replication

☸️ Managed Kubernetes Foundation

The platform runs on NWS Managed Kubernetes (Gardener-based). Node pools scale automatically. Control plane is fully managed — no etcd maintenance, no API server patching.

Horizontal Pod Autoscaler for VMAgent
Cluster Autoscaler for node pools
Multi-zone node groups for HA
Spot / preemptible nodes for cost optimisation

🔄 Multi-Tenant Architecture

VMAuth provides tenant-level isolation on a shared cluster. Each team gets their own namespace, access scope, and ingestion limits — on a single platform.

📦 Operator-Driven

The VictoriaMetrics Operator manages all VM resources declaratively. Scale from single to cluster topology by changing one YAML field — zero downtime migration.

Digital Sovereignty

German data centres.
European laws. Your data.

🇩🇪

Rechenzentrum in Deutschland

All data is stored and processed exclusively in German data centres, operated under German and EU law. No transfers to third countries.

📜

DSGVO-konform by Design

Data minimisation, purpose limitation, and right to deletion are built into the platform architecture — not bolted on afterward.

🛡️

NIS2 & BSI IT-Grundschutz Ready

Platform hardening aligned with BSI IT-Grundschutz catalogues and NIS2 directive requirements for critical infrastructure operators.

🔍

Full Auditability

Open-source stack means you can audit every line of code running in your environment. No black-box proprietary agents.

❌ No US CLOUD Act Exposure

Unlike US-based SaaS providers, NETWAYS Web Services GmbH is a German company not subject to US CLOUD Act subpoenas. Your operational data remains under exclusive EU jurisdiction.

🔐 TISAX & ISO 27001

Infrastructure certified to automotive (TISAX) and international information security (ISO 27001) standards. Suitable for regulated industries: finance, healthcare, public sector.

🤝 AVV — Auftragsverarbeitungsvertrag

We sign a GDPR-compliant data processing agreement (AVV) as required by Art. 28 DSGVO — standard with every contract, no extra paperwork.

Sovereign infrastructure is not a feature. It is the foundation.

Managed Service

We run it.
You own it.

🔧

Day-0: Design

Requirements workshop
Architecture design
Sizing & cost planning
Integration mapping

🚀

Day-1: Deployment

GitOps-based rollout
SSO & RBAC configuration
Dashboard provisioning
Alert rule setup

♾️

Day-2: Operations

24/7 platform monitoring
Automated backups
Version upgrades
Capacity management

99.9%

SLA availability

<1h

incident response

support team location

25+

years open-source ops