ÖBB Rail Cargo Group (MIKE)

Challenge

MIKE is the digital logistics platform of ÖBB Rail Cargo Group, the freight division of Austrian Federal Railways. The platform supports business-critical processes such as ordering, tracking, and capacity planning, and is continuously expanded with new capabilities to digitally map end-to-end supply chain operations.

As MIKE evolved into a distributed, event-driven platform, the requirements for the cloud foundation increased significantly: The platform had to scale reliably across multiple environments while meeting strict security, compliance, and operational requirements typical of a critical infrastructure operator.

The key challenge was to build a standardized, highly automated, and secure Azure-based platform that can:

• reliably run a large number of services,
• enable fast, auditable deployments,
• and provide production-grade stability, including observability, incident response, and cost control.

Solution

In close collaboration with the development teams of ÖBB Rail Cargo Group, WhizUs designed and implemented the MIKE target architecture on Microsoft Azure – in a strongly supportive role and with a focus on automation, traceability, and security-by-design:

• Cloud architecture & Infrastructure as Code (IaC): Full provisioning of Azure resources via Terraform, enabling consistent, automated rollouts across multiple subscriptions and environments.
• Kubernetes platform: Build-out of 15 Kubernetes clusters across five environments, complemented by Azure services such as AKS, App Services, Azure AD, Load Balancer, and Azure Functions.
• GitOps: Introduction of ArgoCD as a central GitOps control plane to roll out around 100 services automatically, traceably, and with version control from development to production.
• CI/CD & Standardization: Build-out of an Azure DevOps multi-stage pipeline for infrastructure and standardized pipelines for business applications for faster project delivery.
• Customer-tailored IAM System & Security: Development of a comprehensive security concept (RBAC, JIT/JEA, network segmentation, firewalling, CSPM incl. monitoring, compliance, and alerting).
• Shared services & integration: Provisioning of central developer services (e.g., Azure SQL, Blob Storage, File Shares, CDN) and API/integration connectivity (e.g., via Azure Service Bus).
• SRE & operations: SRE concept incl. monitoring, distributed tracing, alerting, as well as budget/cost control and subscription governance.
• Hybrid/special components: Operation of individual components (e.g., Elasticsearch, Neo4j) as containers on VMs incl. management by WhizUs.
• Hybrid approach: MIKE was implemented as a hybrid platform, securely connected to on-premises systems to integrate existing services and data sources while leveraging Azure for scalable cloud-native workloads.

Impact

• Automated Azure-based platform foundation for the scalable operation of MIKE services across multiple environments.
• Faster, consistent releases through GitOps and standardized CI/CD pipelines.
• Improved security and compliance capability through a Zero-Trust-aligned security model and continuous monitoring.
• Higher operational stability through SRE practices and improved transparency on cost and governance.
• Scalable support for development teams through standardized GitOps workflows and SRE practices.