Documentation > Professional+
⭐ PRO+

SysManage Professional+

Unlock advanced capabilities with AI-powered health analysis, vulnerability scanning, and enterprise features for comprehensive infrastructure management.

Overview

SysManage Professional+ extends the Community Edition with advanced AI-powered analysis, enterprise integrations, and premium support. Whether you're managing a growing team or a large enterprise, Professional+ provides the tools you need for proactive infrastructure management.

🎯
Choose Your Tier
Professional or Enterprise
🔑
Get License Key
Contact sales for your key
Activate Features
Unlock Pro+ capabilities

Pro+ Modules

🏥 Health Analysis

AI-powered system health scoring with actionable recommendations for optimization.

  • Health scores from 0-100
  • Letter grades (A+ to F)
  • Automated issue detection
  • Actionable recommendations
Health Analysis Guide →

🛡 Vulnerability Scanning

Continuous security scanning to identify and prioritize vulnerabilities across your infrastructure.

  • CVE database integration
  • Priority-based remediation
  • Vulnerability tracking
  • Security reports
Vulnerability Scanning Guide →

🔔 Alerting Engine

Configurable alerting with email, webhook, Slack, and Teams notifications.

  • Multiple alert conditions
  • Multi-channel notifications
  • Cooldown management
  • Acknowledge & resolve
Alerting Engine Guide →

📋 Compliance Engine

Automated compliance assessments against industry frameworks with detailed reporting.

  • CIS, NIST, PCI DSS, HIPAA
  • Automated assessments
  • Export to PDF/CSV
  • Scheduled reports
Compliance Engine Guide →

📊 Reporting Engine

Professional HTML and PDF report generation for infrastructure documentation and compliance.

  • Interactive HTML reports
  • Professional PDF generation
  • Host, user, and security reports
  • Internationalized content
Reporting Engine Guide →

🔒 Secrets Engine

Enterprise secrets management with encrypted storage, versioning, and automated deployment.

  • SSH keys, certificates, credentials
  • Secret versioning and rotation
  • Automated host deployment
  • Access logging and auditing
Secrets Engine Guide →

🔎 Audit Engine

Advanced audit logging with SIEM integration, integrity verification, and compliance exports.

  • CSV, JSON, CEF, LEEF exports
  • SIEM platform integration
  • Integrity verification
  • Configurable retention policies
Audit Engine Guide →

💻 Container Engine

WSL and LXD container lifecycle management with creation, start/stop/restart/delete, distribution management, and monitoring.

  • Full lifecycle management
  • WSL and LXD containers
  • Distribution management
  • Real-time monitoring
Container Engine Guide →

🔐 External Identity Providers

Sign in with your existing LDAP/Active Directory or OIDC provider. External group membership maps to sysmanage roles automatically; break-glass local-password fallback keeps you in if the directory is unreachable.

  • LDAP / Active Directory bind+search
  • OIDC authorization-code flow
  • External group → sysmanage role mapping
  • Break-glass local-password fallback
External Identity Providers Guide →

🔌 Air-Gap Deployment

Build a single multi-OS ISO containing the SysManage server (or agent) plus every transitive native-package and Python wheel dependency, then install into a network with no internet access using one command.

  • Ubuntu / Debian / Fedora / RHEL / openSUSE / Alpine / BSD / macOS / Windows
  • Transitive OS deps + Python wheels bundled
  • Auto OS-detect dispatcher script at ISO root
  • UI-driven build, download, and lifecycle
Air-Gap Deployment Guide →

💾 Repository Mirroring

Mirror upstream APT, DNF, zypper, and FreeBSD pkg repositories onto a host inside your fleet. Cron-driven sync, point-in-time snapshots, integrity checks, multi-region tiered mirrors, and air-gapped deployment support.

  • APT / DNF / zypper / FreeBSD pkg
  • Point-in-time snapshots + restore
  • Air-gapped deployment via optical media
  • Multi-region tiered mirrors
Repository Mirroring Guide →

🖥️ Child Host Management

End-to-end management of virtualized child hosts (WSL, LXD, KVM, bhyve, OpenBSD vmm) with automatic agent deployment.

  • WSL/LXD/KVM/bhyve/vmm creation
  • Start, stop, restart, delete
  • Automatic sysmanage-agent install
  • Parent/child relationship tracking
Child Host Management Guide →

🔄 Reboot Orchestration

Safe parent host reboot with automatic child host stop and restart orchestration for zero-downtime maintenance.

  • Pre-reboot child host detection
  • Automated stop-reboot-restart flow
  • Real-time status tracking
  • Automatic child host recovery
Reboot Orchestration Guide →

🌐 Multi-Site Federation

Hierarchical multi-server architecture for geographically distributed enterprises. A coordinating Federation Controller aggregates host inventory, compliance, and command dispatch across many subordinate site servers.

  • Site server registry + secure mTLS enrollment
  • Host-directory tier sized for 1M-host fleets
  • Polymorphic policy push with stale-version detection
  • Cross-site command dispatch with terminal-state FSM
  • Federation audit log + geographic sites map
Multi-Site Federation Guide →

🛡 AV Management Engine

Centralised antivirus deployment with reusable policies, scheduled scans, definition-update cadence, and fleet-wide commercial AV detection.

  • Reusable named AV policies
  • Daily / weekly / monthly scan schedules
  • Configurable definition-update cadence
  • Fleet commercial-AV detection report
AV Management Engine Guide →

🔐 Firewall Orchestration Engine

Multi-platform firewall config generation with role assignment, fleet policy deployment, rule conflict detection, and compliance reporting.

  • UFW, firewalld, pf, ipfw, npf, Windows, macOS
  • Fleet-wide policy deployment with filters
  • Pre-deploy rule conflict detection
  • Fleet compliance reporting
Firewall Orchestration Engine Guide →

⚡ Automation Engine

Saved-script library with version history, multi-host execution, multi-shell support, scheduled triggers, approval workflows for privileged scripts, and scheduled fleet upgrade profiles with cron + staggered rollout windows.

  • Versioned saved-script library
  • bash, zsh, sh, ksh, PowerShell, cmd
  • Cron-style scheduled execution
  • Approval workflows + parameterization
  • Scheduled fleet upgrade profiles (cron + staggered windows)
Automation Engine Guide →

🌐 Fleet Engine

Bulk operations, host groups with hierarchy and dynamic-criteria membership, rolling deployments with failure thresholds, and per-operation progress tracking.

  • Bulk ops across selectable host sets
  • Host groups with parent/child hierarchy
  • Rolling deployments with failure thresholds
  • Cron-scheduled fleet operations
Fleet Engine Guide →

🧰 Virtualization Engine

Hardware virtualization lifecycle management for KVM/QEMU (Linux), bhyve (FreeBSD), and VMM/vmd (OpenBSD): create / delete VMs, networking, storage, guest provisioning, and safe parent-host reboot.

  • KVM/QEMU + libvirt + virt-install
  • bhyve + vm-bhyve + ZFS zvol storage
  • OpenBSD vmd + autoinstall via bsd.rd surgery
  • Per-distribution guest provisioning (cloud-init, nuageinit, preseed, autoinstall, apkovl)
Virtualization Engine Guide →

📈 Observability Engine

Fleet-wide telemetry: OpenTelemetry collector deployment + lifecycle, Graylog log-forwarder sidecar attachment, and Grafana provisioning — one server-side configuration rolls out across mixed OS fleets.

  • OTEL collector deploy on Linux, *BSD, macOS, Windows
  • Graylog log-forwarder attach / detach per host
  • Grafana datasource + dashboards auto-provisioned
  • Start / stop / restart / uninstall lifecycle controls
Observability Engine Guide →

License Tiers

Professional Tier

Ideal for growing organizations that need AI-powered insights, container management, and advanced monitoring capabilities.

  • AI Health Analysis with scores and grades
  • Health score history and trending
  • WSL and LXD container lifecycle management
  • Advanced monitoring dashboards
  • Custom report generation
  • Safe parent host reboot with child host orchestration
  • Priority email support

Enterprise Tier

Complete solution for large-scale deployments with advanced security, compliance, and integration features.

  • Everything in Professional
  • Vulnerability scanning engine
  • Compliance report generation
  • SSO/SAML integration
  • Advanced role-based access control
  • Audit logging and retention
  • High availability support
  • Hardware virtualization management (KVM/QEMU, bhyve, VMM/vmd)
  • OpenTelemetry, Graylog, and Grafana fleet provisioning
  • Saved-script library + scheduled execution + approval workflows
  • Host groups + bulk operations + rolling deployments
  • Multi-platform firewall orchestration with rule conflict detection
  • SLA guarantee with dedicated support

Enterprise SaaS Tier

The multi-tenant, hosted edition. Everything in Enterprise, delivered as a SaaS platform where each tenant's data lives in its own physically isolated database — built for managed service providers, platform teams, and multi-division enterprises that manage many separate fleets from one deployment.

  • Everything in Enterprise
  • Multi-tenancy — many isolated fleets on one deployment
  • A dedicated, physically separate database per tenant
  • OpenBAO-brokered, short-lived, per-tenant database credentials
  • Per-tenant data residency, independent backup, and clean deletion
  • Self-service tenant provisioning from the control plane

Explore the Enterprise SaaS edition →

Activating Professional+

To activate Professional+ features, add your license key to the SysManage configuration:

# /etc/sysmanage.yaml
license:
  key: "your-license-key-here"
  phone_home_url: "https://license.sysmanage.io"

After adding your license key, restart the SysManage server. The Pro+ features will be automatically enabled based on your license tier.