ROOT
Core VPN hub, network policy enforcement, identity anchor, and central observability plane.
VPN Hub
Observability/Monitoring Platform
Policy Enforcement
Source of Truth
ROOT Cloud
Virtualisation host providing compute, isolated workloads, and controlled console access.
libvirt/KVM
Compute
Out of Band Access
Cloud Vault
Staged backup intake with immediate encryption-at-rest and off-host key custody.
Staged SMB Intake
GPG Encrypted Vault
Off-Host Keys
Backup Integrity Controls
EPOS Zabbix Server
Large-scale Zabbix platform monitoring hundreds of EPOS tills using custom domain-specific telemetry.
Zabbix
Custom Items
Role-Based Alerting
Industry Metrics
OpenBSD Gateway
Layered WireGuard egress gateway enforcing stateful PF firewall filtering and controlled routing domains.
Egress Control
Privacy
Stateful Filtering
Identity-Based Policy
Bastion 01
Authenticated ingress choke point and reverse proxy layer providing identity enforcement and boundary logging.
Identity & Authentication
Reverse Proxy
Choke Point
Access Logging
Shell Raspberry Pi
LAN reverse proxy for internal services with safeguards against accidental service exposure.
LAN Proxy
Service Exposure Detection
Edge Controls
Windows Server Lab
Isolated Windows Server environment maintained for cross-platform integration and Active Directory competency.
Active Directory
DNS
Group Policy
Lab Testing
Personal Laptop
Hardened administrative workstation used for secure infrastructure management, remote access, and development tooling.
Secure Admin Host
SSH / VPN Client
Hardened OS
Development Environment