Skip to content
ManagedNOCby Avalon Web Services

Platform

Open-source foundations. Your infrastructure. Our operating discipline.

The ManagedNOC platform is a curated stack of proven open-source monitoring components, deployed on servers you own and operated by our engineers. No per-sensor SaaS fees, no data leaving your environment, no vendor lock-in.

Architecture Overview

How the pieces fit together.

One or two monitoring hosts inside your environment run the full stack. Collectors reach out to your devices and services; only alert notifications and remote-management access traverse the boundary — over encrypted, restricted channels.

Platform architectureInside the customer environment, monitored systems (network devices, servers, Microsoft 365 and cloud, websites) feed a customer-hosted monitoring stack of Zabbix, Prometheus, Loki, Wazuh, Uptime Kuma, NetBox, and Grafana. Alert notifications flow out to the Avalon NOC/SOC triage workflow and to customer contacts. Engineers access the platform over an approved encrypted channel.CUSTOMER ENVIRONMENTon-premises and/or your cloud tenant — all telemetry stays hereNetwork devices · firewalls · VPNServers · hypervisors · endpointsMicrosoft 365 · cloud servicesWebsites · public servicesMONITORING STACKcustomer-hosted VM(s)Zabbix · Prometheus · LokiWazuh · Uptime KumaNetBox · Grafana dashboardsalerts + reportsencrypted mgmt accessAVALON NOC / SOCalert triage · escalation ·tuning · monthly reportingYOUR CONTACTSemail · Teams/Slack · ticketing —triaged incidents, not raw noise
Diagram: monitored systems feed a customer-hosted monitoring stack; alerts flow to the Avalon NOC/SOC and to customer contacts; engineers access the platform over an approved encrypted channel.

Data plane stays inside

Metrics, logs, and security events are collected and stored on your monitoring host(s). Nothing streams to a third-party cloud by default.

Notifications go out

Alert notifications reach our triage workflow and your contacts via email, Teams/Slack, or ticketing — carrying alert context, not bulk telemetry.

Management access is controlled

Our engineers access the platform over an encrypted VPN or equivalent controlled channel you approve, with named accounts and audit trails.

Customer-Hosted Model

Why customer-hosted beats SaaS monitoring for most SMBs.

What you get with customer-hosted

  • Full data ownership — telemetry, logs, and history live on your servers
  • Data residency by construction: nothing to negotiate in a DPA about telemetry storage
  • Predictable cost — no per-device, per-sensor, or per-GB metering
  • Monitoring keeps working during internet outages (and alerts when connectivity returns)
  • Exit-friendly: if we part ways, the stack and its history remain yours to run

What we bring on top

  • Design, deployment, and hardening of the stack — as code, via Ansible
  • Continuous tuning so alert quality stays high as your environment changes
  • Engineer triage and escalation instead of unread notification emails
  • Patching and lifecycle management of the monitoring platform itself
  • Monthly reporting and health reviews with your stakeholders

Supported Components

A curated stack — not a science project.

Every component is established, widely deployed, and chosen for reliability over novelty. We standardize so we can operate at depth; we stay flexible where your environment requires it.

Zabbix

Core infrastructure monitoring

Enterprise-proven monitoring for network devices, servers, and services — agent-based and agentless, with dependency-aware alerting and decades of production maturity.

Grafana

Dashboards & visualization

The single pane of glass. Live operational dashboards, executive views, and per-site drill-downs — read-only access for as many stakeholders as you like.

Prometheus

Metrics for modern workloads

Time-series metrics for containerized and cloud-native workloads where exporters fit better than traditional checks.

Loki

Log aggregation

Centralized, efficiently indexed logs from servers and network devices — searchable next to the metrics they explain, without per-GB SIEM pricing.

Uptime Kuma

External uptime monitoring

Independent HTTP(S), TCP, DNS, and certificate checks on your public services — because internal monitoring can't see what your customers see.

NetBox

Network source of truth

Documented inventory of sites, racks, devices, IPs, and circuits — so monitoring reflects what actually exists and changes are tracked deliberately.

Wazuh

Security monitoring (SOC-Lite)

Host-based intrusion detection, file integrity monitoring, vulnerability views, and compliance rule packs for the security tier of the platform.

Ansible

Automated, repeatable deployment

The whole stack is deployed and maintained as code — consistent, documented, auditable, and rebuildable rather than hand-configured and fragile.

Microsoft-centric environments can add Microsoft Sentinel and Defender XDR monitoring in your own tenant — see SIEM options. All product names are trademarks of their respective owners; our use describes interoperability, not endorsement.

Alerting & Incident Workflow

From raw signal to resolved incident.

  1. 1

    Detect

    A check fails, a threshold trips, or a security rule fires on the platform.

  2. 2

    Filter

    Dependencies, maintenance windows, and dedup rules suppress noise automatically.

  3. 3

    Triage

    An engineer verifies the signal, assesses impact, and assigns severity.

  4. 4

    Escalate

    The right contact gets a clear notification: what broke, impact, recommended action.

  5. 5

    Review

    Incidents feed the monthly report — trends, root causes, and prevention items.

Security & Data Ownership

The monitoring platform is built like the thing it protects.

Least-privilege collection

Read-only credentials, SNMP views, and scoped API permissions wherever supported. The platform observes; it does not administer your systems.

Hardened hosts

Monitoring servers are patched, firewalled, and access-restricted following CIS-aligned baselines — they are high-value targets and we treat them that way.

Named access & audit trails

Our engineers use named accounts over encrypted channels you approve. Access can be revoked by you at any time — it's your infrastructure.

Your data, your exit

Configurations, dashboards, and historical data belong to you contractually and physically. Offboarding includes documentation handover, not a data ransom.

Deployment Options

Three ways to host the platform.

On-premises

A VM (or two) on your existing hypervisor. The most common option — closest to the devices being monitored and fully inside your network boundary.

  • Runs on Hyper-V, VMware, or Proxmox
  • Sized typically 4 vCPU / 8–16 GB RAM to start
  • No new hardware for most environments

Your cloud tenant

Monitoring hosts in your Azure or other cloud subscription, connected to sites via VPN. Good for cloud-first or multi-site organizations without a central server room.

  • Deployed in your subscription — your bill, your control
  • Site connectivity over existing or new VPN
  • Pairs naturally with Microsoft Sentinel

Hybrid

Central platform in your cloud tenant with lightweight collectors on-site at each location — the standard pattern for multi-site and distributed businesses.

  • Per-site collectors survive WAN outages
  • Central dashboards and reporting
  • Scales site by site as you grow

Want the architecture mapped to your environment?

A readiness assessment produces a concrete deployment design — hosts, collectors, credentials, and coverage — before you commit to anything.