Agent trust
Agents use client certificates and trust bundles. The server signs enrollment certificates and rejects deleted endpoint identities at agent-facing handlers.
Security
Endpoint authority stays explicit.
TvRMM is designed around certificate-based agents, session-authenticated portal routes, role-gated mutations, and clear tenant boundaries.
Human access
Portal routes require sessions. Mutating handlers are gated by viewer, operator, admin, owner, and platform-admin capabilities.
Tenant boundaries
Hosted SaaS separates customers by tenant and organization scope. Single-tenant deployments keep the runtime and data boundary in customer-owned infrastructure.
Deletion cleanup
Deleting an endpoint queues uninstall, soft-deletes the row, revokes client certificates, updates CRLs, and lets a sweeper finalize cleanup.
Evidence beyond the portal
For teams that need an independent evidence trail outside the RMM database, AttestLog is the naturally related vanRoojen project.