Fleet tracking looks simple from the outside: dots moving on a map. The engineering underneath is not. This is a reference build that walks the full delivery cycle, and the non-functional details that decide whether the platform survives production.
A real-time fleet tracking platform ingests location data from in-vehicle devices, processes it as a stream, and serves it to dashboards and mobile apps. This reference build walks the full cycle, from discovery and requirements through architecture, testing, and launch, with the non-functional details that decide whether a fleet platform survives production.
Fleet tracking looks simple from the outside: dots moving on a map. The engineering underneath is not. This is a reference build, a worked example of how we would architect a real-time fleet tracking platform for a UAE operator. It is not a specific client project and uses no client data; the value is in the method and the decisions, which carry across to most real-time, high-ingest systems.
Discovery: what does a fleet platform actually have to do?
Before any architecture, discovery establishes what the platform is for and who depends on it. A dispatcher needs to see every vehicle right now. An operations manager needs yesterday's routes and exceptions. A driver needs a simple app that works on a weak signal in a basement car park. A finance team needs accurate distance and idle time for billing. Each of those is a different read pattern with a different tolerance for delay.
Discovery also surfaces the constraints that quietly shape everything: how many vehicles, how often they report, how long history must be kept, which existing systems the data must feed, and what the regulator expects. We write these down before we design, because a requirement like 'report every two seconds across forty thousand vehicles' changes the architecture completely.
How does discovery become a buildable spec?
Discovery becomes a business requirements document and then a software requirements specification. The functional requirements are the straightforward part: live map, trip history, geofences, alerts. The requirements that decide success are the non-functional ones, and they are the ones least often written down: freshness, behaviour under load, what happens when a device loses signal, data retention, and recoverability.
We set explicit targets for each, because a target you can measure is a target you can test. The table later in this article lists the ones we design a fleet platform around.
What does the architecture look like?
The shape that satisfies those requirements separates three jobs cleanly: getting data in, processing it, and serving it.
Devices send positions over MQTT, a lightweight, publish and subscribe, machine-to-machine protocol built for constrained networks [1]. They authenticate to the gateway with mutual TLS, so a spoofed device cannot inject positions. Ingestion is stateless and autoscaled, so the morning surge when every vehicle starts reporting does not topple it. A durable, replayable log decouples ingestion from processing, so a slow consumer never drops a position, and a derived store can be rebuilt later by replaying the log.
Processed positions land in a time-series database, a store optimised for time-stamped data that delivers significant improvements in storage and performance over a general purpose database for this shape of data [3]. Fleet, user, and billing records stay in a relational database, where geofence polygons also live behind a spatial index, so the processor can evaluate zone containment as each position arrives. Raw trip history ages into cheap object storage. The application layer reads from whichever store fits the query, behind authentication and an API gateway. The clients, an operations dashboard and a driver app, never touch the data stores directly.
What do teams miss?
This is where a reference build earns its keep. The functional features are table stakes; these are the decisions that separate a platform that demos well from one that runs for years.
Threat model first. We enumerate the threats before we build, a process for identifying potential threats such as structural vulnerabilities or missing safeguards, and prioritising countermeasures [2]. For a fleet platform that means device authentication, enforced as mutual TLS at the gateway before a message reaches the log, signed firmware updates, tenant isolation, and rate limits on ingestion.
Data protection by design. Vehicle location tied to a driver is personal data under the UAE Personal Data Protection Law, which constitutes an integrated framework to protect the privacy of individuals in the UAE [4], so the design minimises what is collected, encrypts it in transit and at rest, sets retention limits, and audits who reads it. It is built in, not bolted on the week before launch.
Offline behaviour, observability, and recovery. Devices lose signal in tunnels and basements, so they buffer locally and replay on reconnect while the log absorbs the burst. Every position carries a trace, dashboards watch ingestion lag and consumer lag, deploys are versioned with a safe rollback, and the durable log lets a derived store be rebuilt by replaying it after a bug.
How do we sequence the build?
We build in vertical slices, not layers. The first slice is one device reporting to one dashboard pin, end to end, through the real ingestion path. That proves the hardest part of the system in the first weeks and produces a working demo, rather than a database with nothing on top of it.
From there, each demo adds a real capability: history, then geofences, then alerts, then the driver app. The client steers priorities against working software rather than a document, which is how scope stays honest.
How do we test, launch, and handle the trade-offs?
Real-time systems fail under load, not in a quiet test. We simulate tens of thousands of devices reporting at once, inject dropped connections and out-of-order messages, and measure freshness and consumer lag under that pressure. User acceptance testing then runs against the written requirements with the people who will use it: a dispatcher confirms the live map is genuinely live, finance confirms the distance figures reconcile.
Launch is a controlled rollout, not a switch. A pilot group of vehicles runs first, monitored closely, before the full fleet moves over, with alerting, an on-call path, a runbook, and the retention jobs already running on day one. The platform is handed over with its design documentation so the team can run and extend it without us.
The honest part of a reference build is naming the trade-offs. Streaming earns its place here because of ingest volume, tens of thousands of devices reporting at once, not because of latency alone; if the fleet is small and updates can lag, a single managed database with periodic polling can stand in until volume justifies the split. Good architecture matches the design to the real constraints, not to the most sophisticated option available.
Non-functional targets we design a fleet platform around
| Concern | Target we design to | How the architecture meets it |
|---|---|---|
| Position freshness | Under 5 seconds, device to dashboard | Lightweight MQTT ingestion and stream processing, not request polling |
| Poor or lost signal | No lost positions | Devices buffer locally and replay; the durable log absorbs the reconnect burst |
| Scale | Tens of thousands of devices | Stateless, autoscaled ingestion and a time-series store built for high write volume |
| Data protection | PDPL-aligned | Data minimisation, encryption in transit and at rest, retention limits, audited access |
| Recoverability | Safe rollback and replay | Versioned deploys, a durable replayable log, point-in-time restore |
Key takeaways
- A fleet platform is a real-time, high-ingest system; the architecture separates getting data in, processing it, and serving it.
- The non-functional requirements (freshness, offline behaviour, scale, data protection, recovery) decide success and are the most often skipped.
- MQTT ingestion with mutual TLS, a durable replayable log, and a time-series store are the load-bearing choices for high-volume position data.
- Geofences need a spatial index and containment evaluated in the processor, not a time-series store alone.
- Under the UAE PDPL, driver location is personal data, so protection is designed in from the start, not added before launch.
FAQ
Is this based on a real client project?
No. This is a reference build, a worked example that shows how we approach the problem. It does not describe a specific client or use any client's data. The architecture and the decisions are real; the project itself is illustrative.
What database should store GPS positions?
A time-series database, which is optimised for time-stamped data and outperforms a general purpose database for high-volume position streams. Fleet, user, and billing records stay in a relational database alongside it, with geofence polygons behind a spatial index, and older trip history ages into cheaper object storage.
How do you handle vehicles that lose signal?
Devices buffer positions locally and replay them when the connection returns, and the durable log absorbs the reconnect burst, so a gap in coverage does not become a gap in the record.
Is a fleet tracking platform subject to the UAE PDPL?
Usually yes. Location tied to an identifiable driver is personal data, so the platform is designed for data minimisation, encryption, retention limits, and audited access from the start.
Related reading
Sources
- MQTT (Wikipedia)
- Threat model (Wikipedia)
- Time series database (Wikipedia)
- Data protection laws - The Official Portal of the UAE Government (UAE Government)
Planning a real-time or high-ingest platform? Book a discovery call. Book a discovery call
Originally published on innopalm.ae.
Top comments (0)