Mobisec
Contact
All case studies
Case Study · Dialog · Mobitel · Airtel

A decade operating VAS platforms at national-carrier scale

A multi-tenant telco application platform powering 20+ consumer services across Sri Lanka's national networks — built, deployed, and continuously operated by Mobisec since 2015.

2M+
Subscribers on platform
10 yrs
Continuous operation
20+
Services deployed

The challenge

Three of Sri Lanka's national telecommunications operators — Dialog, Mobitel, and Airtel — run mature networks serving the country's subscriber base. On top of those networks sit the Value-Added Services that shape modern telco revenue: subscription alerts, content delivery, messaging, USSD tools, loyalty mechanics, and more.

Historically, every new VAS meant its own integration, its own billing plumbing, its own operations. Each service was a bespoke project. Scaling the number of services meant scaling the cost and risk of every launch.

Mobisec set out to build something different: a single, multi-tenant platform that could sit between the operators' core infrastructure and any VAS application — whether built by Mobisec, partner companies, or the operators themselves — and make launching a new service a matter of days, not months.

What we built

The telco application platform

A consolidated integration layer that speaks directly to the operators' messaging infrastructure, USSD gateways, and billing systems. From day one it was designed to be multi-tenant: any application built against the platform gets connectivity, billing, and subscriber management without having to re-solve the hardest parts of carrier integration.

  • SMS & SMSC connectivity via SMPP, with failover routing across operators
  • USSD session handling and menu orchestration
  • Subscription lifecycle management with recurring billing and opt-in/opt-out compliance
  • Telco-native billing integration plus alternative payment methods for off-network users
  • Multi-operator, multi-tenant — per-tenant configuration, pricing, and reporting
  • Real-time event processing with at-least-once delivery guarantees

20+ consumer services deployed on top

Since 2015, Mobisec and partner teams have shipped over twenty distinct consumer services on the platform. Among them:

  • SMS chat and messaging
  • OTT messaging applications
  • Daily content and alert subscriptions
  • Cell-tower based location tracking
  • Spam detection and filtering
  • USSD interactive services
  • Smartphone applications with telco-integrated billing

Some of these services are operated directly by Mobisec, sustaining our own base of 1M+ active users. Others are operated by partner companies using the platform as infrastructure — together reaching 2M+ subscribers across the platform.

A decade of continuous operation

The platform has been running in production continuously since 2015. Over that time it has sustained 99.95% uptime across the last seven years of tracked SLA, with peak throughput above 10,000 SMS per second, and has absorbed everything from routine service launches to full-scale operator migrations without a break in service.

The architecture

The platform is event-driven from end to end. Incoming telco traffic — inbound SMS, USSD requests, billing events — is normalised into a queue-based pipeline and processed asynchronously, so bursts don't translate into cascading failures.

  • AWS cloud-native deployment — EC2 behind load balancers, with horizontal auto-scaling on the processing tier
  • MongoDB for subscriber and session state
  • Redis for rate limits, short-lived session data, and distributed locks
  • Asynchronous event queues decoupling ingress from processing, so a slow downstream never back-pressures the operator's network
  • Direct SMPP integration to operator messaging cores with connection pool management and graceful reconnect
  • Observability from day one — every service instrumented for metrics, logs, and distributed tracing

Every layer is designed to fail gracefully: a failing service doesn't take the platform down, and a failing downstream integration doesn't degrade the operator-facing SLA.

Impact

  • 2M+ subscribers served across platform-hosted services
  • 1M+ direct Mobisec users across our own VAS portfolio
  • 20+ services deployed on the shared platform since 2015
  • 10,000+ SMS/sec sustained peak throughput
  • 99.95% uptime over the last seven years
  • Continuously operated — no replatforming, no rebuild, ten years and counting

Why it matters for every other engagement

Operating inside a national telco network for a decade teaches a discipline most software teams never develop:

  • You can't miss an SLA. Missed billing events are lost revenue. Missed delivery is subscriber complaints. Missed uptime is a regulatory conversation.
  • You can't deploy during peak hours. Every release is zero-downtime, instrumented, and reversible.
  • You can't lose data. Every event has a paper trail.

That discipline is the reason every Mobisec engagement — ERP, consumer mobile, or greenfield platform — operates to a higher reliability bar than a typical agency build. The bar is set by the hardest thing we do, not the easiest.

Let's talk

Building something that has to work at scale?

Whether it's an ERP that can't afford a week of downtime, a consumer app entering a saturated market, or a telco platform that needs to hold five nines — talk to our engineering leadership directly.

Book a discovery callSend us a project brief