Infrastructure Stack Overview
2. Core Philosophy: "The Sovereign Stack"
Our infrastructure is built on a "Zero Local Reliance" model. We assume any server can be destroyed and recreated instantly via code. We use a unified "Fleet Controller" architecture where all client infrastructures are managed as submodules of a central repository.
4. Management & Orchestration (The Brain)
- GitOps Core: infrastructure-as-code repository (Fleet Controller).
- Provisioning: Terraform (Cloud Resources) and Ansible (Server Configuration).
- Secrets Management: Infisical. (No secrets in Git; they are injected at runtime.)
- Source of Truth (Infra): NetBox. (IPAM, DCIM, Cabling, Virtualization inventory).
- Source of Truth (Software): Port.io. (Service Catalog, Software Inventory, "What runs where").
3. Operations & Security (The Shield)
Every server under management (Client or Internal) is equipped with our standardized "Sovereign Stack":
| Component | Tool | Function |
|---|---|---|
| RMM | Pulseway | Remote Monitoring, Patching, and Automation. |
| Endpoint Security | Bitdefender GravityZone | Antivirus, EDR, and Advanced Threat Security (ATS). |
| SOC | RocketCyber | 24/7 Managed Security Operations Center (SOC). |
| Connectivity | NetBird | Zero-Trust Mesh VPN (replacing open SSH ports). |
| Observability | Grafana Alloy | Collector sending Logs/Metrics to Grafana Cloud. |
4. Business Applications (The Interface)
- ERP & Helpdesk: Odoo SaaS. Central hub for ticketing, CRM, and billing.
- Single Pane of Glass: Grafana Cloud. Consolidated dashboards for all client alerts and metrics.
- Alerting: Grafana Cloud -> Odoo (Ticket) + Google Chat (Notification).
5. Hosting Environments
We manage diverse infrastructures across:
- Hyperscalers: AWS, GCP, Azure.
- Edge: Cloudflare.
- On-Premises: Physical servers and Hybrid Cloud setups.
6. Legacy/Deprecated
- GlusterFS, Local Docker Swarm (unless specified in client submodule), and local AI stacks are no longer part of the core MSP baseline.