What it creates
A VM appliance, Docker Compose runtime, local PostgreSQL, portal endpoint, agent API listener, package cache, and certificate authority.
Single-tenant
Run TvRMM in infrastructure you control.
The customer-owned path keeps the server runtime, database, package cache, bootstrap secrets, and trust roots inside your tenant or private VM boundary.
What you own
The database, PKI boundary, bootstrap values, update-worker status, network rules, and endpoint trust roots remain in your environment.
How agents connect
Agents enroll once, persist identity locally, and use outbound mTLS for heartbeat, audit, monitoring, command polling, patching, and terminal relay.
How updates flow
Owners approve release targets. The host-side update worker validates manifests and artifact hashes before refreshing the appliance.
Related Azure reliability work
If lab or utility endpoints run on Azure Spot VMs, SpotStarter.app is the adjacent vanRoojen project focused on recovery after Spot eviction. TvRMM manages endpoints; SpotStarter helps bring disposable Azure Spot infrastructure back when Azure removes it. Portfolio reference: vanroojen.com/products/spotstarter.html.