Platform
Open-source foundations. Your infrastructure. Our operating discipline.
The ManagedNOC platform is a curated stack of proven open-source monitoring components, deployed on servers you own and operated by our engineers. No per-sensor SaaS fees, no data leaving your environment, no vendor lock-in.
Architecture Overview
How the pieces fit together.
One or two monitoring hosts inside your environment run the full stack. Collectors reach out to your devices and services; only alert notifications and remote-management access traverse the boundary — over encrypted, restricted channels.
Data plane stays inside
Metrics, logs, and security events are collected and stored on your monitoring host(s). Nothing streams to a third-party cloud by default.
Notifications go out
Alert notifications reach our triage workflow and your contacts via email, Teams/Slack, or ticketing — carrying alert context, not bulk telemetry.
Management access is controlled
Our engineers access the platform over an encrypted VPN or equivalent controlled channel you approve, with named accounts and audit trails.
Customer-Hosted Model
Why customer-hosted beats SaaS monitoring for most SMBs.
What you get with customer-hosted
- Full data ownership — telemetry, logs, and history live on your servers
- Data residency by construction: nothing to negotiate in a DPA about telemetry storage
- Predictable cost — no per-device, per-sensor, or per-GB metering
- Monitoring keeps working during internet outages (and alerts when connectivity returns)
- Exit-friendly: if we part ways, the stack and its history remain yours to run
What we bring on top
- Design, deployment, and hardening of the stack — as code, via Ansible
- Continuous tuning so alert quality stays high as your environment changes
- Engineer triage and escalation instead of unread notification emails
- Patching and lifecycle management of the monitoring platform itself
- Monthly reporting and health reviews with your stakeholders
Supported Components
A curated stack — not a science project.
Every component is established, widely deployed, and chosen for reliability over novelty. We standardize so we can operate at depth; we stay flexible where your environment requires it.
Zabbix
Core infrastructure monitoring
Enterprise-proven monitoring for network devices, servers, and services — agent-based and agentless, with dependency-aware alerting and decades of production maturity.
Grafana
Dashboards & visualization
The single pane of glass. Live operational dashboards, executive views, and per-site drill-downs — read-only access for as many stakeholders as you like.
Prometheus
Metrics for modern workloads
Time-series metrics for containerized and cloud-native workloads where exporters fit better than traditional checks.
Loki
Log aggregation
Centralized, efficiently indexed logs from servers and network devices — searchable next to the metrics they explain, without per-GB SIEM pricing.
Uptime Kuma
External uptime monitoring
Independent HTTP(S), TCP, DNS, and certificate checks on your public services — because internal monitoring can't see what your customers see.
NetBox
Network source of truth
Documented inventory of sites, racks, devices, IPs, and circuits — so monitoring reflects what actually exists and changes are tracked deliberately.
Wazuh
Security monitoring (SOC-Lite)
Host-based intrusion detection, file integrity monitoring, vulnerability views, and compliance rule packs for the security tier of the platform.
Ansible
Automated, repeatable deployment
The whole stack is deployed and maintained as code — consistent, documented, auditable, and rebuildable rather than hand-configured and fragile.
Microsoft-centric environments can add Microsoft Sentinel and Defender XDR monitoring in your own tenant — see SIEM options. All product names are trademarks of their respective owners; our use describes interoperability, not endorsement.
Alerting & Incident Workflow
From raw signal to resolved incident.
- 1
Detect
A check fails, a threshold trips, or a security rule fires on the platform.
- 2
Filter
Dependencies, maintenance windows, and dedup rules suppress noise automatically.
- 3
Triage
An engineer verifies the signal, assesses impact, and assigns severity.
- 4
Escalate
The right contact gets a clear notification: what broke, impact, recommended action.
- 5
Review
Incidents feed the monthly report — trends, root causes, and prevention items.
Security & Data Ownership
The monitoring platform is built like the thing it protects.
Least-privilege collection
Read-only credentials, SNMP views, and scoped API permissions wherever supported. The platform observes; it does not administer your systems.
Hardened hosts
Monitoring servers are patched, firewalled, and access-restricted following CIS-aligned baselines — they are high-value targets and we treat them that way.
Named access & audit trails
Our engineers use named accounts over encrypted channels you approve. Access can be revoked by you at any time — it's your infrastructure.
Your data, your exit
Configurations, dashboards, and historical data belong to you contractually and physically. Offboarding includes documentation handover, not a data ransom.
Deployment Options
Three ways to host the platform.
On-premises
A VM (or two) on your existing hypervisor. The most common option — closest to the devices being monitored and fully inside your network boundary.
- Runs on Hyper-V, VMware, or Proxmox
- Sized typically 4 vCPU / 8–16 GB RAM to start
- No new hardware for most environments
Your cloud tenant
Monitoring hosts in your Azure or other cloud subscription, connected to sites via VPN. Good for cloud-first or multi-site organizations without a central server room.
- Deployed in your subscription — your bill, your control
- Site connectivity over existing or new VPN
- Pairs naturally with Microsoft Sentinel
Hybrid
Central platform in your cloud tenant with lightweight collectors on-site at each location — the standard pattern for multi-site and distributed businesses.
- Per-site collectors survive WAN outages
- Central dashboards and reporting
- Scales site by site as you grow
Want the architecture mapped to your environment?
A readiness assessment produces a concrete deployment design — hosts, collectors, credentials, and coverage — before you commit to anything.