ORVIWO C5ISR AIRTDCs Drone Station in Military Trucks (JLTV-Class)

Offline-first UAS + Edge AI + Governed C2 workflows with segmented networks, deterministic resync, and immutable audit

Modern operations don’t fail because teams lack sensors. They fail when data can’t move, analytics can’t run, decisions can’t be trusted, or evidence can’t be validated when accountability matters.

That’s why ORVIWO is developing the C5ISR AIRTDCs Drone Station concept for JLTV-class military trucks: a vehicle-integrated AI-ready tactical data center (AIRTDC) that combines UAS operations, edge compute, resilient comms, and governed mission workflows—built to stay operational in normal, degraded, and denied conditions.

This long-form technical blog explains the architecture, segmentation model, compute and storage modules, comms resiliency, and the governance layer (RBAC, approvals, audit trails) that makes autonomy mission-ready under command authority.

1) What is a C5ISR AIRTDC Drone Station?

A typical “drone truck” focuses on launch/recovery and remote piloting. An AIRTDC Drone Station is different:

It’s a mobile edge node that supports the full operational cycle:

• Sense: capture and normalize video/telemetry from UAS and onboard sensors

• Fuse: correlate AI detections, tracks, and operator annotations into incidents

• Decide: present a local COP with triage queues and governed actions

• Act: task UAS and teams with policy-controlled workflows

• Report & Learn: generate SITREPs/AARs, package evidence, and resync upstream

The Drone Station’s “core” is an offline-first workflow stack—not just a vehicle payload bay.

2) Why JLTV-Class Trucks?

JLTV-class platforms are designed for harsh terrain, contested environments, and mission endurance. Outfitted as Drone Stations, they become repositionable C5ISR extensions that can:

• provide forward ISR for base defense, convoy routes, and area security

• deliver pop-up overwatch during dynamic operations

• run edge AI when cloud access is limited or intermittent

• maintain governed reporting and evidence integrity for AARs

A JLTV-class Drone Station is ultimately a mobile decision advantage node.

3) System Overview (Reference Architecture)

Below is a text-based architecture that matches the technical intent of the AIRTDC Drone Station.

[UAS + Payloads]

| Video/Telemetry (RTSP/RTP/MAVLink or vendor protocols)

v

[UAS Ground Control Segment] ---> [Video Ingest/Decode/Transcode]

| |

| v

| [Edge AI Inference Cluster]

| |

v v

[Operator Mission LAN] --------> [Fusion/Correlation Services]

| |

| v

| [Evidence + Data Storage]

|

+--> [COP/SITREP Workstations] ---> [Workflow/RBAC/Audit Services]

|

v

[Comms Edge Gateway / Zero Trust Fabric]

|

+--> Bearer A: SATCOM/Starlink (WAN1)

+--> Bearer B: LTE/5G (WAN2)

+--> Bearer C: MANET/Mesh/V2V (optional)

|

v

[Higher Echelon / Enterprise C2 / Data Repositories]

Design intent: the node remains operational locally with queued replication, then deterministically resyncs when upstream connectivity returns.

4) Network Segmentation (VRF/VLAN Model)

The Drone Station is built on a segmented, deny-by-default architecture. Each domain is isolated by VRFs/VLANs with inter-zone communication passing only through a policy firewall.

Recommended VRFs / VLANs

1. VRF-UAS (VLAN 10)UAS modem/radio endpoints, GCS workstation(s), ingest node(s)

2. VRF-MISSION (VLAN 20)COP clients, SITREP/AAR workstation(s), mission operator laptops/tablets

3. VRF-COMPUTE (VLAN 30)Inference services, fusion/correlation, event bus, internal APIs

4. VRF-STORAGE (VLAN 40)NAS/object storage, evidence vault, snapshot/backup targets

5. VRF-MGMT (VLAN 50)OOB management, iDRAC/iLO, monitoring collectors, admin jump host

6. VRF-WAN (VLAN 60)SD-WAN edges, VPN termination, controlled egress and routing policy

7. VRF-PARTNER/GUEST (optional, VLAN 70)Approved external devices; default deny to compute/storage

Policy posture

• No flat LAN. No direct workstation access to storage.

• Inter-VRF routing only via firewall.

• Allow lists only. “Deny unused services” is explicit.

• Logging enabled on all inter-zone allows.

This segmentation makes it feasible to meet Zero Trust requirements and prevents lateral movement when something fails or is compromised.

5) Compute Modules (What Runs Onboard)

A) UAS Services Module

• vendor GCS application(s)

• payload control (EO/IR controls, geofencing, mission planning, etc.)

• telemetry capture/broker (protocol depends on UAS vendor)

B) Video Ingest + Processing

• RTSP ingest and stream control (if applicable)

• RTP/RTCP media handling (prefer pinned port ranges)

• transcode/proxy for operator viewing and AI pipelines (hardware acceleration when possible)

C) Edge AI Inference Cluster (GPU/CPU)

• real-time inference pipelines (object detection/classification/tracking/anomalies)

• compute throttling under degraded power/thermal conditions

• structured output: detections + confidence + time/geo metadata

D) Fusion & Correlation Services

• correlates detections + telemetry + operator annotations

• builds “incident objects” with linked timelines

• produces case bundles suitable for reporting and evidence

E) COP + SITREP/AAR Services

• local COP server with offline caches and map layers

• SITREP/AAR generator with templated reporting

• export controls under governance (approval workflows)

F) Platform Services

• GNSS/PTP/NTP time discipline

• system health and vehicle power telemetry

• degraded-mode controller (resource policies + failover triggers)

6) Storage Architecture (Evidence-Quality Design)

The Drone Station uses tiered storage to balance performance, retention, and integrity.

Storage tiers

1. Hot storage (NVMe local): rolling buffer for active video/telemetry

2. Warm storage (RAID/NAS/object store): mission artifacts, indexes, mid-term retention

3. Evidence vault (immutable/WORM policy): finalized bundles + manifests

4. Backup/recovery: snapshots + encrypted export workflows (when authorized)

Evidence bundle structure (example)

CASE-YYYYMMDD-####/

manifest.json (hashes + metadata + signatures)

video/ (clips)

images/ (frames, thumbnails)

telemetry/ (tracks, CSV/JSON)

reports/ (SITREP/AAR)

logs/ (approval receipts, access logs)

Key principle: finalized evidence is immutable and accompanied by signed hash manifests to support chain-of-custody and AAR credibility.

7) Communications (Multi-Bearer + Policy-Based Routing)

The Drone Station assumes links will degrade. Connectivity is treated as a variable—not a dependency.

Multi-bearer options

• WAN1: SATCOM/Starlink (high throughput, variable latency)

• WAN2: LTE/5G (lower latency, coverage dependent)

• WAN3: Mesh/MANET/V2V (optional for local resiliency)

Policy examples

• COP deltas and critical messages prefer WAN2; failover to WAN1

• bulk evidence upload prefers WAN1

• critical reports may duplicate across WAN1 + WAN2 if available

• resync throttles automatically under poor conditions

Transport

• VPN overlays: IPsec or WireGuard

• application transport over HTTPS; optional mTLS for service-to-service

8) Deterministic Resync (Offline-First Data Continuity)

When upstream is unavailable, the node continues locally. When connectivity returns, it performs deterministic resync:

• local event log / queue stores mission events and artifact references

• resync uses idempotent writes (safe replays)

• resumable uploads for large evidence bundles

• integrity verification with hash manifests and receipts

• conflict resolution policies for COP objects and annotations

This creates predictable behavior in real operations: the system doesn’t “guess” or silently diverge.

9) Governed Autonomy (RBAC, Approvals, Audit Trails)

Autonomy without governance becomes risk. ORVIWO’s approach is governed autonomy:

RBAC roles (example)

• UAS Operator

• Intel Analyst

• Mission Commander

• NetOps / Comms

• Maintainer

• Auditor

Approval workflows (examples)

Actions that can require approval:

• evidence bundle export/release

• pushing COP updates upstream

• sharing streams outside the node

• activating elevated analytic modes (if applicable)

Immutable audit

• append-only, signed/hash-chained audit records

• captures who did what, when, and why (correlation IDs)

• audit snapshots can be stored in the evidence vault

This ensures mission accountability remains human and traceable.

10) Ports & Flows (Reference)

Exact ports vary by vendor, but a hardened pattern looks like this:

• Video ingest: RTSP TCP 554 + RTP/RTCP UDP (fixed range) or SRT

• App access: HTTPS 443 (operators to COP/Workflow)

• Event bus: choose one (NATS/Kafka/AMQP) internal only

• DB: Postgres 5432 internal only

• Object store/evidence vault: HTTPS 443 internal only

• VPN: IPsec (UDP 500/4500 + ESP) or WireGuard (UDP 51820)

Rule of thumb: workstations should speak only HTTPS to approved services. No direct DB or storage access.

11) Degraded-Mode Operations (Resilience by Design)

The node includes operational policies for power, thermal, and connectivity constraints:

• reduce inference FPS under low power/thermal conditions

• prioritize COP, reporting, and audit logging over bulk analytics

• enforce retention policies (protect finalized evidence first)

• continue local operations during WAN outage; queue resync

This is how mission continuity survives the real world.

12) What Makes This “AIRTDC” (Not Just a Drone Truck)

A drone truck launches aircraft.

An AIRTDC Drone Station sustains decision workflows:

• onboard compute that correlates and packages, not just streams

• offline-first mission continuity

• Zero Trust segmentation + controlled egress

• governed autonomy under command authority

• evidence-quality bundles for AAR and accountability

13) Where This Deploys (Use Cases)

• base defense / perimeter overwatch

• convoy route reconnaissance

• border and coastal monitoring

• disaster response and austere operations

• critical infrastructure protection

• SOF support operations requiring mobility + governance

14) The ORVIWO Vision

🇵🇷 Engineered in Puerto Rico. ⚡ Built for the frontline. 🔐 Powered by ORVIWO.

ORVIWO is developing deployable edge architectures that combine:

• AI-ready tactical infrastructure

• Zero Trust networking and governed workflows

• resilient communications and field compute

• evidence integrity and operational accountability

15) Let’s Talk (Technical Collaboration)

If your organization is exploring JLTV-class drone operations, edge AI, or deployable C5ISR workflows, ORVIWO can support:

• reference architecture and sizing (compute/storage/comms)

• segmentation and firewall allow-list design

• governed autonomy workflow design (RBAC/approvals/audit)

• deterministic resync engineering and integration planning

Contact ORVIWO to discuss a pilot architecture aligned to your mission and governance requirements.