vanRoojen LLC

Products • TvRMM

An RMM built for self-managed fleets that take security seriously.

TvRMM is endpoint monitoring and management for Windows, Linux, Proxmox VE, and Unraid. It is available as hosted multi-tenant SaaS for teams that do not want to operate infrastructure, and as a single-tenant customer-owned deployment for stricter runtime, database, PKI, package-cache, and network boundaries.

Open TvRMM See the principles

What it is

Fleet management that earns its place on your network.

TvRMM is built for teams that need endpoint inventory, patch orchestration, scripts, terminal relay, reboot workflows, and homelab infrastructure visibility without pretending every small fleet is a managed-service-provider estate.

01 — Trust

Mutual TLS, end to end

Every agent authenticates with a uniquely-issued client certificate, pinned by SPKI on the server. There is no shared token, no bearer secret, and no path that bypasses the cryptographic identity of the endpoint.

02 — Authority

Role-based access, by default

Viewer, operator, admin, and owner roles are enforced on every write — not just the UI. Admins can voluntarily downgrade their own effective role for routine work, and the server respects it.

03 — Hygiene

Soft-delete with verifiable cleanup

Removing an endpoint queues an uninstall, revokes its certificate, regenerates the CRL, and only finalizes the deletion once the agent confirms it actually left. Offline boxes self-clean if they ever come back.

04 — Native homelab

Unraid & Proxmox as first-class citizens

Detection, inventory, and actions for Unraid arrays, Docker containers, libvirt VMs, Proxmox QEMU and LXC guests — including cluster-aware migration tracking and ZFS pool health.

05 — Patches

Patching that respects your topology

Scan and push updates to Linux, Windows ARM endpoints, and guests-via-host through a controlled command pipeline — with approvals, deploy status, and a clear audit trail per agent.

06 — Deployment

Hosted or customer-owned

Start with hosted TvRMM SaaS when you want the workflow without operating a server, or use a single-tenant appliance when you need to own the runtime, database, PKI, package cache, and network boundary.

Who it's for

Built for small teams and serious operators with mixed infrastructure.

TvRMM is not specific to one private homelab. It is built for homelab-style operators in general, small IT teams, and small-business environments that need a security-conscious RMM across ordinary endpoints and infrastructure hosts.

  • Hosted control plane when you want a managed SaaS service.
  • Single-tenant appliance when customer-owned boundaries matter.
  • Designed for small fleets first, including homelab and small-business operators.
  • Documented like a tool you'll actually have to debug.

Product model

Outbound agents, role-scoped actions, and explicit deployment boundaries.

Managed endpoints connect outward to TvRMM using enrolled agents. The platform is designed around certificate identity, role-scoped portal access, patch and reboot workflows, terminal relay, scripts, and clear cleanup when an endpoint is removed.

Hosted SaaS is the fastest path when you do not want to operate the control plane. Single-tenant deployment keeps the runtime, PostgreSQL database, package cache, trust roots, and network boundary under customer control.

For public examples of the same operations-first product posture, see SpotStarter and SpotSwitcher for Azure Spot VM automation.

Product fit

Compare the hosted and single-tenant paths.

Start at the TvRMM product site for hosted SaaS, single-tenant deployment, platform coverage, security model, and AI-readable product context.

Contact form
Open TvRMM