01 The Challenge
National Oilwell Varco — one of the world’s largest oilfield
equipment and services companies — runs a drilling-data platform whose services live
in two worlds at once: on edge devices at drill sites and in the
AWS cloud. Data captured at the rig has to flow reliably up to the cloud,
and platform capabilities have to work consistently in both places.
The platform needed new production services — asset management, company, and
identity/authorization — plus streaming APIs, and it needed to shed hardcoded
assumptions that tied the API to a single company. On top of the engineering work, the
platform’s security model was undocumented, and the team’s delivery process
had room to tighten. Leopard Data was brought in to work all three fronts.
02 The Approach
Leopard Data built Go microservices with gRPC and Protocol
Buffers streaming APIs and generated gateways, backed by
PostgreSQL with goose-managed schema migrations. Edge-to-cloud data
synchronization flowed NATS → MQTT (Mosquitto) → Kafka, moving
drilling data from rig-side devices into the cloud pipeline. We implemented streaming
endpoints such as wells-by-operator, classification endpoints with edge sync, and
application-scoped roles and permissions endpoints — and made the platform API
company-neutral, removing hardcoded assumptions so it could serve
multiple companies.
On security, we fully analyzed the platform’s existing security model and wrote the
security document and sequence diagrams the team then used as its
reference. We designed SAML and OpenID Connect support with Okta,
including token-expiry handling, and delivered working SAML applications for dev and
test alongside the security admins.
On process, Leopard Data took over the scrum-master role so the product
owner could focus on the product: running stand-ups, retros, and demos; instituting a
daily pull-request review meeting; restructuring Jira into epics,
features, and stories; and writing the team-standards document and story-writing
standard the team adopted. We also mentored the team on microservices architecture in
recurring sessions.
03 The Delivery
Endpoint sets shipped to production with unit tests and a clean QA handoff
— streaming wells-by-operator, classification with edge synchronization, and
application-scoped roles/permissions all went from design to running services. The
company-neutral API work landed without disrupting the existing platform consumers.
The security deliverables were working artifacts, not shelfware: the security document
and sequence diagrams became the team’s shared reference, and the SAML applications
for dev and test were validated end-to-end with the client’s security
administrators. Meanwhile the process changes took hold in the daily rhythm —
shorter stand-ups, PRs reviewed every day instead of piling up, and stories written to a
standard everyone could work from.
04 The Outcome
- Security architecture documented with sequence diagrams and adopted as the team’s reference.
- SAML and OpenID Connect support on Okta designed and validated, including token-expiry handling.
- Multiple production endpoint sets shipped with unit tests and QA handoff.
- Team process measurably tightened — shorter stand-ups, daily PR reviews, and adopted standards docs.
- Platform API made company-neutral, opening it to multiple companies.
05 Tech Stack
Go
gRPC / Protocol Buffers
Kubernetes
AWS
PostgreSQL
NATS
MQTT
Kafka
Okta / SAML / OIDC
TimescaleDB
Docker
Jira/SAFe