Our customer is a telecommunications start-up based in Germany that specializes in the development and production of particularly secure eSIM generations. For a new product cycle, eSIMs with advanced cryptographic security features needed to be generated and managed in a fully controlled environment.
This involves highly complex computing processes, such as the creation, encryption, and authentication of individual eSIM profiles. Each profile must be generated uniquely, securely, and without tampering, often in large quantities and under strict data integrity requirements. This is complemented by certificate checks, signatures, key management, and real-time transaction logging. A specialized high-performance infrastructure is required to map these processes in a way that is both high-performance and reliable.
In order to meet both performance and compliance requirements, a conscious decision was made against a public cloud solution in favor of a locally operated infrastructure. The project is supported by government funding and was implemented in close cooperation with an IT service provider from Hamburg.
Project period: Q2/2025
Project volume: approx. 325.000 €
Table of Contents
Project Description
The aim of the project was to set up a powerful, flexibly expandable server infrastructure that can be used to generate eSIM profiles not only securely, but also efficiently and in large quantities. This applies in particular to the cryptographic processes behind every digital SIM card: Each eSIM profile must be uniquely encrypted, securely stored, and reliably managed—as quickly as possible, without errors, and in a closed, traceable environment.
The parallel creation of thousands of profiles for device manufacturers, network operators, or IoT applications in particular requires considerable computing power. Securing data and transactions in real time also places high demands on the hardware used.
Particular attention was paid to selecting a system architecture that offers maximum flexibility despite high packing density:
The Supermicro BigTwin series was chosen because it allows four completely independent nodes to be housed in a single 2U chassis. Each node can be operated, maintained, and assigned separately—comparable to four independent physical servers in one enclosure. This architecture was decisive in the purchase decision: it combines space-saving density with operational freedom at the node level.
Key Requirements:
- High computing power for parallel cryptographic workloads e.g., for encryption, authentication, and serialization of eSIM profiles
- Fast and secure NVMe storage solution for data and transaction processes for fast processing, logging, and securing sensitive information
- Full data sovereignty through local operation without public cloud components for compliance with regulatory requirements and to minimize external attack surfaces
- Scalable architecture for future eSIM generations to respond flexibly to higher volumes and new technical standards
- Eligibility for funding through regional value creation as a prerequisite for public subsidies and sustainable location commitment
Project Implementation
Memorysolution delivered a turnkey setup consisting of several Supermicro BigTwin systems, which were assembled, tested, and documented in Bremen:
Compute Nodes
- 4× Supermicro BigTwin MS-222BT-HNR with 4 nodes each
- Intel Xeon 6730P CPUs with 32 cores / 64 threads, 288 MB cache, TDP 250W
- 256 GB DDR5-6400 ECC RAM per node (octa-channel ready)
- 2× 960 GB Samsung PM9A3 M.2 NVMe SSDs per node for OS & applications
Storage
- 4× 3.84 TB Samsung PM9A3 U.2 NVMe SSDs per node for productive data
- 100 GbE network for high bandwidth and minimal latency
- System management via Supermicro DCMS
- Assembly & certification in accordance with ISO9001:2015 and IEC 61340-5-1 (ESD)
Support & SLA
- 5-year parts warranty SLA 2/5
- Support via Mustang® Systems Helpdesk (next business day, advance replacement)
Result
With the new infrastructure, the customer can operate eSIM generation processes with maximum performance and full control – a decisive advantage in a security-critical field of application.
- Significantly reduced computing time for eSIM profiling
- Local operation without public cloud dependency
- Future-proof thanks to modular expandability
- Operational and investment security through separately deployable, individually maintainable nodes
- Eligible for funding and compliant
- Implementation in just a few weeks thanks to preconfigured, tested setup
The project exemplifies how powerful on-premises systems today meet the technical and regulatory requirements for digital sovereignty—especially in security-relevant industrial sectors such as telecommunications.