Back to all case studies

When the Webshop Was Ready—But the Back-End Wasn't

Snapshot

Delivery model: Principal-led engagement (Stefan, Founder & Principal Consultant) Client: Skyline Access (German aerial work platform rental group) Fleet Scale: 1,000+ machines across nationwide locations Core System: InterSystems Caché database managing rental inventory, maintenance schedules, and customer orders Challenge Duration: 3 months (architecture, implementation, and go-live)

The Challenge

A major German rental company had commissioned a third-party web developer to build an online booking platform for aerial work platforms. The project was well underway—design was polished, user flows were functional, and a launch date had been agreed. But no one had planned how the webshop would connect to the live rental management system. The web developer had built the storefront in isolation, with no visibility into the company's existing IT infrastructure, database architecture, or API requirements. When the rental company contacted Vionix to "connect the two systems," it became clear that integration hadn't just been deferred—it hadn't been scoped at all.

Constraints

Timeline Pressure: A public launch date had already been committed between the rental company and the web developer, creating urgency to resolve integration without derailing the schedule.

Organisational Silos: The web development firm operated independently of the internal IT team, with no prior collaboration on infrastructure or security requirements.

System Complexity: The Caché database didn't just track machine availability—it managed maintenance windows, machine group substitutions, distance-to-site calculations, and overlapping customer reservations. A "simple" availability check required querying multiple interdependent data layers.

Security Maturity: The internal IT team had not previously exposed public-facing APIs or operated demilitarised zones (DMZs), requiring foundational security architecture work.

Approach

Vionix convened a three-party workshop (rental company IT, web developer, and Vionix) to map out the missing integration layer.

1. Infrastructure Assessment: Determined that the company had no public IP allocation, DMZ topology, or firewall rules for external API exposure. Designed a secure perimeter architecture with a dedicated server in a DMZ to host the CSP Gateway.
2. Firewall & Network Hardening: Collaborated with internal IT to configure enterprise firewall rules, open necessary TCP ports, and establish network segmentation between the public-facing gateway and the internal Caché environment.
3. CSP Gateway Provisioning: Deployed and secured the InterSystems CSP Gateway to act as the HTTP bridge between the webshop and the Caché database.
4. REST API Design: Implemented a REST endpoint to expose machine availability data. The API logic incorporated: machine group substitutions (to offer alternative models when a specific unit was unavailable), maintenance schedules (to exclude machines with upcoming service requirements), distance-to-site filtering (to prioritise logistically viable machines), and cross-referenced order data (to block machines already reserved by other customers).
5. Data Quality Feedback Loop: During testing, the webshop surfaced inconsistent availability results. Investigation revealed legacy data errors in the rental database for example machines marked as available despite scheduled maintenance. Vionix traced these back to historical data entry mistakes, enabling the client to correct long-standing data hygiene issues.
6. Handover & Knowledge Transfer: Delivered training to internal IT on firewall maintenance, DMZ server hardening, API monitoring, and the security implications of operating public-facing services.

What Was Delivered

• Secure API Infrastructure: DMZ-hosted CSP Gateway with REST endpoint, hardened for public internet exposure
• Availability Logic Engine: Multi-factor availability calculation spanning machine groups, maintenance windows, distance, and reservations
• Firewall & Network Security Configuration: Enterprise firewall rules, port management, and network segmentation
• Operational Documentation & Training: Internal IT upskilled on API operations, security posture, and troubleshooting

Results

The webshop went live on schedule after three months of integration work. Vionix handed over all infrastructure and API components to internal IT, who assumed full operational responsibility. While Vionix did not track post-launch adoption metrics, the project unblocked a strategic digital channel for a company operating across 40+ locations in Germany's competitive aerial work platform rental market.

Why It Worked

Early Intervention Prevented Rework: Convening all parties before code was written avoided the expensive scenario of retrofitting integration into incompatible architectures.

Security-First Design: Building the DMZ and API layer with production-grade security from the start avoided the common anti-pattern of "launching insecurely, then hardening later".

Domain Logic Centralised in the API: By embedding complex availability rules (maintenance, distance, substitutions) in the backend API rather than the webshop, Vionix ensured that rental logic remained consistent across all future sales channels.

Data Quality as a Side Effect: The integration testing process revealed operational data errors that had silently accumulated over time, turning the API project into an unplanned data cleansing initiative.

How Vionix Worked

Vionix operated as a technical mediator between the web development firm and the rental company's internal IT, translating business requirements into infrastructure decisions. After architecting and implementing the integration layer, Vionix transferred all assets and operational knowledge to the client's team, enabling them to maintain and evolve the system independently.