Cloud-native & Edge Architectures

Design architectures that scale, integrate, evolve and operate reliably

Sunesis helps organizations design, modernize and build scalable software architectures with microservices, APIs, event-driven systems, Kubernetes, OpenShift, Microsoft Azure, Google Cloud and edge-fog-cloud concepts, combining enterprise architecture, cloud-native engineering, integration, security-by-design, observability and DevOps.

Our architectures prepare digital platforms for the next generation of enterprise systems — where applications, APIs, workflows, data services and AI agents work together safely.

Trusted by

  • IBM
  • NLB
  • Akrapovic
  • Petrol
  • Sava
  • OTP
  • Flare
  • Generali
  • Oracle
  • Snaga
  • Cybergrid
  • Ebcont
  • Energetika Ljubljana
  • Gen I
  • Giz
  • Ministry Justice
  • Ministry Public Admin
  • Riko

Architecture that lets your digital business evolve

Modern systems must change quickly, integrate with other systems, scale on demand and operate across distributed environments. Monolithic and tightly coupled architectures slow delivery, make integration painful and limit the ability to adopt new capabilities.

Sunesis helps organizations move toward modular, API-driven, event-enabled, cloud-ready, observable and secure architectures — designed to evolve rather than be rebuilt.

We support the full journey: from architecture assessment to a clear target architecture, and on to cloud-native delivery and edge-fog-cloud scenarios where workloads run closer to data.

Cloud-native architecture is not only about containers. It is about building secure, observable and integration-ready platforms that can support digital products, workflows, APIs and AI-enabled services.

What we design and build

We help organizations modernize software, integrate systems, achieve scalability and build platforms that can evolve over time — combining enterprise architecture with hands-on cloud-native engineering.

Cloud-native architectures

Containerized, scalable and resilient architectures designed for modern platforms and continuous delivery.

Key capabilities

  • Containerized workloads
  • Kubernetes and OpenShift deployment
  • Scalable and resilient design
  • Observability by design
  • API-first and event-enabled foundations

Microservices architecture

Well-bounded services with clear ownership, contracts and resilience, decomposed around business domains.

Key capabilities

  • Service decomposition
  • Domain-driven boundaries
  • Data ownership patterns
  • Resilience patterns, retries and circuit breakers
  • APIs and events as contracts

Kubernetes and OpenShift architecture

Production-grade platform and application architecture on Kubernetes and OpenShift, with secure and consistent delivery.

Key capabilities

  • Kubernetes and OpenShift application architecture
  • Container orchestration
  • Helm, GitOps and environment strategy
  • Workload security
  • Multi-cluster and hybrid

API-first architecture

APIs designed as first-class contracts that connect applications, partners, workflows and AI agents under control.

Key capabilities

  • API strategy and design
  • REST APIs
  • Event-driven APIs
  • OAuth2 and OIDC access control
  • Agent-ready and tool-safe APIs
  • Gateway control

Event-driven and real-time architectures

Decoupled, scalable and traceable systems built around events, streaming and asynchronous messaging.

Key capabilities

  • Kafka-based architectures
  • NATS messaging
  • Pub/sub and request-reply
  • Integration decoupling
  • Event traceability

High-performance service communication with gRPC

Efficient, contract-first communication between services, including streaming and edge scenarios.

Key capabilities

  • gRPC service design
  • Contract-first communication
  • Streaming
  • Internal microservice communication
  • gRPC in edge environments

Workflow-ready architectures

Architectures that integrate deterministic workflow engines for long-running and human-approved processes.

Key capabilities

  • Temporal and Camunda integration
  • Service tasks
  • Long-running processes
  • Human approval flows
  • Business APIs as workflow capabilities

AI-agent-ready service architecture

Service and API architectures that allow AI agents to act safely through controlled, governed capabilities.

Key capabilities

  • Tool-safe APIs
  • MCP-oriented integration
  • Business APIs as agent capabilities
  • API gateway and policy control
  • KumuluzAI integration patterns

Enterprise identity and security architecture

Identity, authorization and zero-trust patterns built into the architecture from the start.

Key capabilities

  • OAuth2 and OIDC
  • Keycloak
  • Microsoft Entra ID
  • Identity propagation
  • Zero-trust and mTLS

Observability and enterprise logging architecture

End-to-end visibility across services, APIs, events and workflows through instrumentation, tracing and audit logging.

Key capabilities

  • OpenTelemetry instrumentation
  • Distributed tracing
  • Metrics and monitoring
  • Enterprise audit logging
  • Correlation IDs
  • Instana APM

Edge-fog-cloud continuum

Distributed architectures that bring processing closer to data, with low latency and edge-to-cloud communication.

Key capabilities

  • Edge, fog and cloud architecture
  • Distributed data processing
  • Edge-to-cloud communication
  • IoT integration
  • Low-latency local processing

Cloud, hybrid and multi-cloud architecture

We design architectures for major cloud platforms and for hybrid and multi-cloud environments, balancing platform capabilities with portability, neutrality and long-term flexibility.

Cloud platform

Microsoft Azure

Azure architecture, AKS, Azure DevOps, Microsoft Entra ID and hybrid patterns for enterprise workloads.

Cloud platform

Google Cloud

GCP architecture, GKE, data and integration services and cloud-native modernization.

Platform

Kubernetes and OpenShift platforms

Containerized workloads, GitOps delivery and multi-cluster operations on Kubernetes and OpenShift.

Strategy

Hybrid and multi-cloud

Workload portability, provider-neutral architecture, exit-strategy awareness and consistent identity, security and observability across providers.

Modernizing monoliths and legacy architectures

Most organizations do not need a risky rewrite. They need a gradual evolution from monolithic and legacy systems toward modular, API-enabled, event-driven, observable and cloud-ready architectures.

Sunesis helps reduce risk by modernizing incrementally — preserving what works, exposing capabilities through APIs and events, and preparing systems for AI through approved, controlled capabilities.

Modernization approaches

  • Architecture assessment
  • API enablement
  • Modularization
  • Strangler pattern
  • Cloud-native enablement
  • Event-driven evolution
  • Workflow boundaries
  • Security modernization
  • Observability modernization
  • AI-agent-ready exposure

Architecture built for integration

Modern architecture is integration architecture. Systems must connect data, processes, channels, partners and increasingly AI agents — securely and reliably.

We design integration into the architecture so that systems communicate through clear contracts, controlled access and full visibility across distributed flows.

  • API-first system design
  • Event-driven integration
  • Kafka and event streaming
  • NATS-based messaging
  • gRPC for internal communication
  • Secure integration with core systems
  • Integration with workflow engines
  • Business APIs and reusable capabilities
  • Agent-ready APIs and controlled tool exposure
  • Observability across distributed flows
  • Identity and authorization across integration flows

Security built into the architecture

Security is a design concern, not an add-on. We build identity, authorization, platform security and zero-trust patterns into the architecture from the start.

Identity and access

OAuth2, OIDC, Keycloak, Microsoft Entra ID, identity propagation and RBAC across services and APIs.

API and service security

Authentication, authorization and policy enforcement applied consistently across APIs and service communication.

Platform security

Kubernetes and OpenShift security, network policies and secrets management for workloads.

Zero-trust patterns

Least privilege, mTLS and policy-based access between services and across distributed environments.

Workflow and automation security

Secure execution of workflows, service tasks and automated actions under identity and policy control.

AgenticAI security readiness

Controlled, tool-safe capabilities and gateway control so AI agents can act safely within the architecture.

Auditability

Enterprise audit logging that records what happened across services, APIs, events and workflows.

Governance

Policy-based access and traceability that keep distributed systems controlled and accountable.

Designed for reliable and observable operation

Distributed architectures are only valuable if they can be operated reliably. We design observability, resilience and production readiness into the architecture so teams can see, understand and trust what is happening.

  • OpenTelemetry instrumentation
  • Distributed tracing across services, APIs, events and workflows
  • Metrics monitoring and alerting
  • Enterprise audit logging
  • Instana APM
  • Correlation IDs and end-to-end visibility
  • Service health and readiness
  • Resilience patterns
  • Rate limiting and backpressure
  • SLO and production readiness
  • Observability for AI-agent interactions

Prepare cloud-native platforms for AgenticAI

Cloud-native architecture is the foundation for safe AI. We design platforms where AI agents act through controlled, governed and observable capabilities rather than direct backend access.

Tool-safe APIs

APIs designed so that AI agents can call them safely, with clear boundaries on what they can do.

MCP-oriented tools

Capabilities exposed as MCP-oriented tools that agents can use within a controlled integration model.

Business APIs

Reusable business capabilities that agents, digital products and workflows can call as governed tools.

Workflow boundaries

Clear separation between AI reasoning and deterministic workflow execution for process-critical steps.

Gateway control

API gateway and policy enforcement applied to agent requests for authentication, control and logging.

Auditability

Visibility and audit trails for AI-agent interactions across APIs, tools and workflows.

From cloud-native to edge-native

Intelligence is moving closer to data. Edge and fog computing enable faster response, greater resilience and new AI-enabled applications that cannot depend on a round trip to the cloud.

Sunesis connects cloud, edge and IoT into a coherent edge-fog-cloud continuum, with architectures strengthened by our research in distributed and AI-native systems.

Edge architecture scenarios

  • IoT and sensor-based systems
  • Distributed AI and data processing
  • Cloud-edge orchestration
  • Energy-aware computing
  • Low-latency digital services
  • Industrial and smart infrastructure
  • Data locality and sovereignty
  • Lightweight messaging across distributed environments
  • Observability across edge
  • AI-ready data processing at the edge

Accelerated by Kumuluz cloud-native foundations

Sunesis has a long history of building cloud-native, microservice and API-based systems through the Kumuluz product family, gained across demanding enterprise projects.

The Kumuluz Digital Platform and its components provide proven foundations for API-first, microservice, workflow-ready and AI-agent-ready development — informing how we design open, modular, cloud-native and observable architectures for our clients.

Foundation

Kumuluz Digital Platform

Open, lightweight engineering foundation for cloud-native, microservice and API-based development.

API management

Kumuluz API

API management and gateway platform for exposing, securing, monitoring and governing APIs.

Capabilities

Kumuluz Business APIs

Reusable business capabilities for digital products, workflows and AI agents.

AI platform

KumuluzAI Platform

Governed AgenticAI platform for agents, assistants, tool use, model routing and auditability.

Research & Innovation

Research-driven expertise in cloud-edge systems

Headlight / NEPHELE

AI-enabled, context-aware orchestration for the compute continuum across edge, fog and cloud.

EDGEWISE / dAIEDGE

AI-native orchestration for trustworthy, energy-efficient IoT–Edge–Fog–Cloud environments.

AURORA / HEDGE-IoT

Intelligent IoT, edge computing and energy-aware infrastructure for distributed systems.

CHAMELEON / Resilmesh

Adaptive Kubernetes resilience and cybersecurity through a mesh-based approach.

BONSAI / COSMIC

Advanced cloud-edge-IoT systems and intelligent infrastructure for next-generation platforms.

How we approach architecture work

1

Understand the business and system landscape

We study business goals, existing systems, integrations, constraints and operational realities before proposing change.

2

Define the target architecture

We establish a clear target architecture that balances scalability, integration, security, observability and maintainability.

3

Identify service, API, event and workflow boundaries

We define how the system decomposes into services, APIs, events and deterministic workflow boundaries.

4

Design for security, observability and operations

We build identity, authorization, zero-trust, tracing and audit logging into the architecture from the start.

5

Prepare for AgenticAI where relevant

We expose tool-safe APIs, Business APIs and gateway-controlled capabilities so AI agents can act safely.

6

Implement iteratively

We deliver in controlled increments, validating value and reducing risk at each step.

7

Support evolution

We design architectures to evolve — adding services, integrations, workflows and capabilities over time.

Technology expertise

Cloud platforms

Microsoft Azure, Google Cloud, hybrid and multi-cloud architecture.

Container platforms

Kubernetes, OpenShift, Helm and GitOps delivery.

Architecture patterns

Cloud-native, microservices, API-first, event-driven, cloud-edge and workflow-ready patterns.

Integration and communication

REST, event-driven APIs, Kafka, NATS and gRPC.

Workflow orchestration

Temporal, Camunda, retries and compensation patterns.

AgenticAI readiness

Tool-safe APIs, MCP-oriented tools, Business APIs and KumuluzAI.

Identity and security

OAuth2, OIDC, Keycloak, Microsoft Entra ID, mTLS and zero-trust.

Observability and operations

OpenTelemetry, Instana, tracing, metrics, audit logging and SLOs.

Edge and distributed systems

IoT, edge-fog-cloud continuum and energy-aware computing.

Reference

Cloud-native and integration architecture in practice

Inorma — Zavarovalniška skupina Sava

An enterprise integration platform connecting systems and processes across an insurance group.

NLB Klik

A digital banking solution spanning frontend and backend, built for scale, security and reliability.

EPUS — Plinovodi

A business-critical platform for energy infrastructure and operational workflows.

Flare

DevOps and platform engineering for large-scale blockchain infrastructure.

Kumuluz Digital Platform

An open, lightweight digital platform for cloud-native, microservice, API-based and workflow-ready development.

Why Sunesis for cloud-native and edge architectures

1

Architecture and engineering in one team

We do not just draw diagrams — we design and build the systems we architect.

2

Deep integration expertise

We connect systems, data, processes, partners and AI through APIs, events and messaging.

3

Strong Kubernetes and OpenShift background

Production experience with containerized platforms, GitOps and multi-cluster operations.

4

Enterprise security awareness

Identity, authorization, zero-trust and auditability built into every architecture.

5

Production observability expertise

OpenTelemetry, Instana, tracing, metrics and audit logging for reliable operations.

6

Azure and Google Cloud knowledge

Hands-on architecture and delivery on Microsoft Azure and Google Cloud.

7

Workflow and AgenticAI readiness

Architectures prepared for deterministic workflows and safe AI-agent execution.

8

Research-backed edge expertise

Edge-fog-cloud and AI-native systems strengthened by active research and innovation projects.

Need an architecture that can evolve with your digital business?

Whether you are modernizing systems, building a cloud-native platform, introducing APIs and events, strengthening identity and security, improving observability, preparing for AgenticAI or exploring edge-fog-cloud, Sunesis can help you design and implement a scalable, secure, future-ready architecture.