Generic filters
Filter by Standorte
Filter by Funktionen
Generic filters
Filter by Standorte
Filter by Funktionen

Enhancement of the Nokia Software Monetization Platform

As part of the further development of Nokia’s own software Monetization Platform, we supported the Nokia team in integrating new features into the system and provided advice on technical issues.

Customer: Nokia

Nokia is one of the world’s leading communications service providers and is involved in constructing and maintaining communications networks. Furthermore, Nokia is currently strong in research and development of 5G networks. Nokia has 155 years of experience and currently employs approximately 98000 people around the world.

Situation and challenges

The Software Monetization Platform department is responsible for providing various software packages to Nokia customers. The focus is on the highest possible degree of automation of the process from upload to deployment. A JFrog Enterprise+ installation takes over the central administration of the individual software packages. Nokia extends this platform with additional services for better adaptation to the rest of the environment. The task of digatus was to integrate new features into the system through different services and provide advice on technical issues.

The first requirement was to create a possibility to provide the software packages via an SFTP server. The SFTP server should be secured by engaging certificate-based authentication. Customers should receive the current software packages from the SFTP server without having to access an Artifactory instance.

The second requirement was establishing a malware scanning process to scan all software packages for unintentionally introduced viruses or other malware before delivery and to interrupt the delivery process if infections are found.

Another task that digatus took on was establishing new JFrog Enterprise+ environments on Microsoft Azure Cloud, in order to increase the coverage of software deliveries to additional key customers of Nokia, as well as to provide internal build pipeline verification possibilities for multiple development units in Nokia.

“To summarize, all team members have been providing excellent performance and managed to fulfill the expectations defined towards the team. It has been a pleasure to work with the high-performing digatus team, and I look forward to continue the cooperation with them in the upcoming period as well.”

Andor Fauszt – SW Monetization Product Owner, Nokia


The digatus crew was integrated into the existing team by a product owner on the Nokia side. The project was organized according to the SAFe Framework.

When it comes to the first requirement, the following solution has been agreed upon and implemented by the team: the release bundle should be delivered to the SFTP server. After that, a publishing process is initiated, which usually transfers the release bundle to a so-called Artifactory Edge Node. An Artifactory plugin intercepts this request and forwards it to a Golang service on the SFTP server. This service authenticates itself against Artifactory and downloads the required files into a folder shared with the SFTP service. Installing the services in separate containers ensures that in case of a compromised SFTP server, Artifactory cannot be accessed.

A plugin and additional service realized the mal- ware scanning in Artifactory. Every single upload to Artifactory happens in a separate area, which is not accessible by customers. The service downloads the files for scanning and forwards the request to a malware scanner. Based on the scan result, the file is either being quarantined or published. This way, it is ensured that no file can be delivered to the customer without being scanned.

The digatus team also took over the installation of two new JFrog Enterprise+ instances in an Azure environment. Artifactory is executed in a high-availability configuration to ensure increased reliability and fault tolerance.

Customer benefits

digatus was able to contribute to increase software delivery coverage to customers and internal verification possibilities, ensuring faster feedback loops, better quality of software deliveries and hence achieving increased customer satisfaction. Through the SFTP service an important customer of Nokia can be served via the SFTP protocol. Furthermore, the malware scanning process ensures the security and integrity of the delivered software.

The implemented improvements as well as the technical advice provided by digatus, enhance the progress on the way to the automated software monetization platform.

Daniel Bäumler

Daniel Bäumler
As a driving force for digital transformation in companies, he is responsible for the technical orientation in the area of development and digitization of business processes. His expertise ranges from agile software development and new communication media to the customer- and data-optimized design of complex platforms.


Get in touch with our experts. Please call +49 89 2 62 07 56 12 or use the contact form:
By submitting this form, I consent to the processing of personal data in accordance with the Privacy Policy.*

Similar Posts

Adrian Liepert

Munich, January 11, 2023: The IT service provider digatus it group AG continues its buy & build strategy and thus its growth course and complements existing IT M&A expertise by merging with M&A digitalization partner MAxpertise GmbH. With effect from 01.01.2023, MAxpertise is thus 100% part of the digatus group.

Simon Paesler

For Pfennigparade, the process of creating findings should be improved in terms of efficiency, speed and safety.

Christoph Pscherer

Due diligence translates as required or appropriate care, whereby in the M&A context it is a risk assessment. It is usually carried out prior to a company takeover or merger. The aim here is to make the risks of the purchase quantifiable for the investor or the buyer in M&A transactions. After all, the investor wants to know exactly how profitable and sustainable the targeted object is and whether the purchase price in question is justified. Subsequently, the identified risks have to be managed in the post-merger integration.