Patch monitoring built for Linux server fleets.
PatchMon gives hosting providers flat per-tier pricing, first-class coverage for Linux and FreeBSD server distros, and a lightweight outbound-only agent that fits inside tight VPS resource budgets. Hosting provider deployments are bespoke engagements today. Get in touch and we will scope what you need.
Why hosting providers talk to us
Hosting providers, VPS hosts, cloud resellers, colocation operators, and WISPs run shared or dedicated Linux infrastructure. PatchMon is built for that operating model: server fleets, transparent per-host pricing, lightweight agents, and compliance evidence that auditors accept.
Linux server fleets, not desktop endpoints
APT, DNF, YUM, APK, Pacman, and pkg on FreeBSD. Lightweight, outbound-only agents. Sub-second dashboard refresh for fleets of hundreds or thousands of nodes.
Volume pricing for hosting fleets
Hosting fleets run into the thousands. Our standard per-host pricing starts at $1/host/month, and we offer volume discounts at hosting-provider scale. Talk to us about a custom rate for your fleet size.
Regional Cloud data residency
PatchMon Cloud runs in multiple regions (UK, DE, FR, US) with isolated per-customer storage. Pick the region that fits your customers' sovereignty requirements.
Outbound-only agents for tight firewalls
Agents connect outbound over WebSocket. No inbound firewall rules on customer hosts. Easier to get past customer security reviews and easier to run on hardened nodes.
Compliance evidence built in
OpenSCAP CIS benchmarks and Docker Bench compliance checks run on a schedule. Generate per-host reports when a customer or auditor asks for proof of state.
Audit and AUP enforcement in seconds
Flag accounts that violate your acceptable use policy, generate patch compliance reports per host, or trigger automated remediation without SSH-ing into every box.
The problem hosting teams keep hitting
Customer servers go unpatched for months because neither the host nor the customer is clearly responsible, and because no patch monitoring agent is running on the box at all. Three patterns show up on every hosting estate we have looked at.
Who owns the patch?
On shared and managed infrastructure the responsibility line between provider and customer is rarely clean. Nodes go months without a kernel update because neither side is clearly accountable and neither side has visibility.
Hundreds of nodes, one pair of eyes
Hosting NOCs do not have time to SSH into every customer box. Without a lightweight patch monitoring agent on each host, the only signal you get about unpatched nodes is the post-incident forensics report.
RMM tools were not built for you
RMMs are priced per endpoint with no volume relief and designed for desktop fleets. They assume a few hundred seats, not a few thousand server nodes. The pricing model and the feature surface are both wrong for hosting providers.
PatchMon vs RMM vs in-house scripts
How PatchMon compares against the two options hosting providers typically consider for Linux server fleets.
| | PatchMon | RMM tools | In-house scripts |
|---|---|---|---|
| Pricing model | Per-host from $1/mo, volume discounts | Per-endpoint/month | Engineering time |
| Linux server fleet focus | First-class | Afterthought | Depends on build |
| FreeBSD support | Yes, pkg | No | Depends |
| OpenSCAP compliance | Built in | Bolt-on or none | Integrate yourself |
| Regional data residency | UK, DE, FR, US | Vendor region | Your network |
| Agent footprint | Single Go binary, 100MB cap | Heavy agent stack | Depends on build |
| Vendor lock-in | None, exportable | High | None |
Everything a hosting NOC actually needs
PatchMon brings patching, compliance scanning, and browser SSH/RDP into one product so your NOC is not juggling separate SKUs just to correlate OpenSCAP results with patch state. Community is AGPLv3 self-managed on your stack; Cloud tiers bundle managed hosting and support with transparent per-host pricing.
- OpenSCAP CIS benchmarks and Docker Bench compliance scans
- APT, DNF, YUM, APK, Pacman, FreeBSD pkg, and Windows package managers
- Outbound-only WebSocket agents for tight customer firewalls
- Remote SSH and RDP in the browser, session-recorded
- Automated patch policies, maintenance windows, and scheduling
- Alerting via email, Slack, Discord, ntfy, and generic webhooks
- Full REST API and webhooks for provisioning automation
- OIDC SSO for staff and role-based access control
- Per-host Cloud pricing from $1/host/month, with volume discounts at scale
- Regional Cloud instances in UK, DE, FR, and US
How a hosting NOC rolls it out
Four steps from first conversation to patch visibility across your Linux fleet.
Talk to us
Tell us about your customer mix, compliance needs, and existing stack. We will scope a deployment that fits, including region selection (UK, DE, FR, US).
Install the agent on your first nodes
One-line agent install on a pilot fleet. Outbound-only WebSocket, 100MB memory cap, so it sits inside tight VPS resource budgets without complaint.
Review the patch landscape
The dashboard shows every enrolled node's patch state, compliance posture, and pending security updates, with OpenSCAP scan results and package inventory.
Approve and roll out at scale
Define patch policies, maintenance windows, and AUP thresholds. Wire alerts into your NOC tooling and scale the rollout across the whole fleet.
Hosting provider FAQ
How do you work with hosting providers today?
Hosting provider deployments are handled as bespoke engagements right now, not a self-serve tier. We work with you to understand your customer mix, compliance requirements, and existing stack, then scope a deployment that fits. Get in touch and we will walk through the options with you directly.
How does billing scale for hundreds of customer nodes?
PatchMon Cloud is priced per host, starting at $1/host/month on Starter. At hosting-provider scale we negotiate volume discounts so the per-host rate drops as the fleet grows. Get in touch and we will quote a rate that reflects your actual node count.
Does it work behind tight customer firewalls?
Yes. Agents connect outbound over WebSocket to your PatchMon instance, so there are no inbound firewall rules required on customer hosts. The only network path that needs approval is a single outbound hostname and port.
How do agents behave on shared or overcommitted VPS nodes?
The agent runs with GOGC=50, a 100MB memory limit, and GOMAXPROCS=2, so it holds a tight resource budget even on 1 vCPU / 512MB VPS plans. Package inventory and compliance scans run on a schedule rather than continuously, and the agent reports back over a single outbound WebSocket, not a polling loop.
Can I brand the UI?
Yes. PatchMon supports custom logos, favicons, and instance names so the UI carries your brand. Email notifications and the web UI both respect the branding you configure.
What about data residency?
PatchMon Cloud runs in UK, DE, FR, and US regions. You pick the region at signup and your data stays in that region. Regional instances run on ISO 27001 / ISO 9001 certified infrastructure.
Book a demo
15-minute call, no sales pitch. We'll show you the dashboard and agent deployment, and answer your questions.
Book directly at cal.com/9-technology-group/patchmon-demo.
Ready to bring your fleet under patch monitoring?
Three typical engagement bands for hosting and infrastructure providers. Tell us what you run and we will scope a deployment that fits. No per-endpoint fees.
Under 1,000 servers
PatchMon Cloud per-host pricing works as-is. Outbound-only agents fit tight customer firewalls, no ingress rules required.
1,000 – 10,000 servers
Volume pricing with a scoped per-host rate. Typical conversation covers region choice, agent rollout, and reporting handover.
10,000+ servers / regulated
Bespoke engagement. Dedicated deployment, custom reporting, and options for self-hosted Community Edition with vendor support via PRO.