Skip to content

Overlay Network

NetBird Overlay Network

NetBird provides a secure, zero-configuration mesh network built on WireGuard that connects all edge nodes in the Instruct platform — from Raspberry Pi camera nodes and Jetson inference hardware through to the cloud control plane.

Rather than routing data through a central server, NetBird creates direct encrypted tunnels between devices. This means captured frames, datasets, and embeddings move peer-to-peer between edge nodes at full speed, with the cloud only handling orchestration and control signals.

Key benefits in our architecture:

  • No open ports — nodes are not exposed to the public internet
  • Encrypted by default — all inter-node traffic uses WireGuard encryption
  • Low latency — data takes the shortest path between nodes, not through a relay
  • Simple to scale — new edge nodes join the mesh without firewall or VPN reconfiguration.

Cloud Server

DigitalOcean Droplets

DigitalOcean Droplets are Linux-based virtual machines hosted in the cloud, providing a lightweight and cost-effective control plane for distributed infrastructure.

In the Instruct platform, a Droplet serves as the central orchestration node — running the edge dashboard, API services, and TLS termination via Caddy. It coordinates commands across the edge mesh without ever becoming a data bottleneck, since all heavy dataset and inference traffic flows directly between edge devices over the NetBird overlay.

Key benefits in our architecture:

  • Always-on availability — cloud-hosted uptime independent of local hardware
  • Public entry point — handles inbound web traffic and routes it to the right service
  • Lightweight control plane — manages edge nodes without processing their data
  • Scalable services — containerised workloads via Podman quadlets, easy to add or replace.

Security Platform

Wazuh Security Monitoring

Wazuh is an open-source security platform that provides unified threat detection, log analysis, and compliance monitoring across distributed infrastructure.

In the Instruct platform, Wazuh runs on the cloud control node with lightweight agents deployed across every edge device — Raspberry Pi camera nodes, Jetson inference hardware, and the cloud droplet itself. This gives complete visibility into the security posture of the entire fleet from a single dashboard.

Key benefits in our architecture:

  • Fleet-wide coverage — every node monitored from a central manager
  • Real-time threat detection — alerts on suspicious activity, file changes, and anomalous behaviour across all devices
  • Log aggregation — unified view of system events across cloud and edge
  • Compliance ready — built-in rulesets mapped to industry security standards

Secrets Management

HashiCorp Vault

HashiCorp Vault is an open-source secrets management platform that centralises the storage, access control, and rotation of sensitive credentials across distributed infrastructure.

In the Instruct platform, Vault provides a single source of truth for secrets — API keys, database credentials, service tokens, and certificates — ensuring no sensitive values are hardcoded in configuration files or environment variables across the fleet.

Key benefits in our architecture:

  • Centralised secrets — one place to manage credentials across cloud and edge nodes
  • Dynamic secrets — short-lived credentials generated on demand, reducing exposure from leaked keys
  • Access control — fine-grained policies control which services and nodes can access which secrets
  • Audit trail — every secret access is logged, supporting compliance and incident response.

Ready to get started?

Tell us about your project and let’s explore how we can bring your vision to life.

Contact Us