home / services

IT Services

IT Services That Work
for Your Business

Thirteen service areas. Every project is fixed-price, fully documented, and handled by the same engineer from start to finish.

// Infrastructure 3 services
01 Server Setup & Management project

We design, build, and manage the servers your business depends on. File storage, internal applications, databases — we handle the setup and keep everything running. You get hardware that belongs to you, not a rental in someone else's data center.

Who it's for

Businesses replacing aging hardware, teams moving away from cloud services, or anyone who needs a reliable server they actually own.

What you get

Your files and apps are always available
Hardware you own and control
Problems caught before they affect your business
Clear documentation so you're never locked in
02 Data Storage & Backup project

Your business data is protected with automatic, tested backups and enterprise-grade storage. If a file gets deleted or a drive fails, we can restore it. Your records are never one accident away from being gone.

Who it's for

Any business that can't afford to lose its records — especially medical offices, law firms, and accounting practices.

What you get

Automatic daily backups
Fast recovery when something goes wrong
Protection against accidental deletion, hardware failure, and ransomware
Regular backup tests so you know it works
03 Virtualization project / retainer

Run multiple separate systems on a single server — cleanly isolated so they can't interfere with each other. Reduces hardware costs and keeps your business systems organized.

Who it's for

Growing businesses that need multiple servers but want to consolidate hardware and cost.

What you get

Lower hardware costs
Clean separation between different systems
Easier backups and recovery
Scales as your business grows
// Security & Compliance 5 services
04 Network Security project / retainer

We secure your network against the threats that matter most: ransomware, unauthorized access, and data leaks. If your business handles patient records, client files, or financial data, this isn't optional.

Who it's for

Healthcare practices, professional services firms, and any business handling sensitive data.

What you get

Protection against ransomware and intrusion
Controlled access — only the right people get in
Monitoring to catch threats before damage is done
Written documentation of your security setup
05 Managed Security Monitoring managed / retainer

Continuous visibility into what's happening across your systems — powered by Wazuh, deployed on your own infrastructure. We deploy, tune, and actively monitor your environment around the clock so threats are caught and logged before damage is done. Compliance reports included.

Who it's for

Healthcare practices, financial firms, and any business under compliance obligations (HIPAA, PCI DSS, SOC 2) or anyone who needs to know when something is wrong before their users do.

What you get

Real-time alerts on intrusion attempts, privilege escalation, and anomalous activity
File integrity monitoring — know immediately if a critical file is modified
Centralised log collection and analysis across all your systems
Compliance reporting for HIPAA, PCI DSS, and GDPR out of the box
Self-hosted — your logs never leave your infrastructure
Active 24/7 environment monitoring — we watch it, not just the software
06 Firewall Setup & Management project / retainer

A properly configured firewall is the foundation of network security. We deploy and manage pfSense and OPNsense — enterprise-grade open source firewalls that give you full visibility and control without vendor licensing fees. No black-box appliances, no surprise subscription costs.

Who it's for

Businesses replacing consumer routers, those needing proper network segmentation, or anyone whose current firewall is a box they don't fully understand.

What you get

VLAN segmentation — guest, staff, servers, IoT all isolated
IDS/IPS to detect and block suspicious traffic
Documented ruleset you can understand and audit
Ongoing rule management and firmware updates
07 Patch Management & Hardening managed / retainer

Unpatched systems and default configurations are the most common entry point for attackers. We put your servers on a documented patch schedule, harden them against CIS benchmarks, and keep a written change log — the kind auditors and insurers actually want to see.

Who it's for

Healthcare practices, legal firms, and any organisation under compliance obligations — HIPAA, PCI DSS, cyber insurance — that needs to demonstrate due diligence.

What you get

Scheduled OS and software patching across all systems
CIS benchmark hardening applied and documented
Written change log suitable for compliance audits
Emergency patching for critical CVEs
08 Vulnerability Scanning project / retainer

Know your exposure before an attacker does. We run scheduled vulnerability scans using OpenVAS and Greenbone against your infrastructure and deliver written remediation reports — not just a raw list of CVEs, but a prioritised plan for what to fix and in what order.

Who it's for

Organisations with compliance requirements, cyber insurance obligations, or those who want a regular check on their security posture. Pairs naturally with Wazuh monitoring.

What you get

Scheduled scans of your full network and exposed services
Written remediation report with prioritised findings
Tracked remediation — we verify fixes are in place
Historical scan comparison to show improving posture over time
// Connectivity & Privacy 2 services
09 VPN Setup & Management project / retainer

Secure remote access and site-to-site connectivity built on WireGuard — fast, modern, and far simpler to audit than legacy VPN protocols. Whether your team works remotely or you need to connect multiple offices, we design, deploy, and document the whole setup.

Who it's for

Businesses with remote workers, multi-site offices, or anyone who needs secure access to internal systems without exposing them to the internet.

What you get

Secure remote access for your team from anywhere
Site-to-site tunnels connecting offices or servers
Kill-switch and split-tunnel configuration
Full documentation and peer configs for every device
10 DNS & Internal PKI project / retainer

Every DNS query your business makes is a record of what you're doing. We replace Google and Cloudflare DNS with a self-hosted resolver — Unbound or BIND — and build an internal certificate authority so your internal services have real TLS without a third party involved.

Who it's for

Privacy-conscious organisations, businesses running internal services, and anyone who wants their DNS traffic to stay on their own network.

What you get

DNS queries stay on your network — no Google or Cloudflare visibility
Internal hostnames for servers, printers, and services
Internal CA for valid TLS on private services
DNS-level ad and malware blocking built in
// Cloud & Support 3 services
11 Business Email managed

Private, reliable business email on infrastructure you control — not Gmail or Microsoft 365. Your messages stay on your systems. No third-party company reading your correspondence.

Who it's for

Businesses and practices where email privacy matters — especially legal, medical, and financial organizations.

What you get

Full control over your business email
No Google or Microsoft access to your messages
Works with any email client (Outlook, Apple Mail, etc.)
Backed up and recoverable
12 Cloud Environment Management retainer / project

Already on AWS or Azure and need someone to manage it properly? We take over day-to-day operations — cost optimisation, security hardening, IAM cleanup, and ongoing support. We're not here to sell you more cloud; we're here to make sure what you're already paying for is actually configured correctly.

Who it's for

Businesses with existing cloud infrastructure that has grown without a dedicated engineer — overspending, poor IAM hygiene, or no one who truly understands the environment.

What you get

Cost review and rightsizing — stop paying for what you don't use
IAM audit and cleanup — least-privilege access enforced
Security hardening aligned with AWS/Azure best practices
Ongoing operational support and change management
13 Ongoing Support & Consulting retainer / project

Your on-call IT team, without the cost of a full-time hire. We handle questions, changes, and emergencies. You get a real person who knows your setup — not a help desk reading from a script.

Who it's for

Businesses without in-house IT, or those whose current support is slow, expensive, or hard to reach.

What you get

Fast response from someone who knows your system
No explaining your setup from scratch every time
Budget-friendly alternative to a full-time IT hire
Available for both routine and emergency needs

process

How an Engagement Works

No retainer required to start a conversation. Every project gets a fixed-price scope with no hourly billing surprises.

01

Tell Us What You Need

Describe the problem. We ask a few questions and help you figure out what you actually need. No commitment required. The conversation is free.

02

We Scope It and Price It

We write a clear scope document with a fixed price. What's included, what's not, and what you'll have at the end. You review it before anything starts.

03

We Build It

We do the work, keep you updated, and handle any surprises that come up. No disappearing for two weeks and resurfacing with a surprise invoice.

04

You Get the Keys

Every engagement ends with written documentation. You own the system and understand what we built. Ongoing support available if you want it.

Under the Hood

For the technically curious

Every tool here has been used in production. No checkbox certifications, actual operational experience.

stack.manifest
×
$ cat stack.manifest
[os] FreeBSD  ·  OpenBSD  ·  OmniOS (Illumos)  ·  Ubuntu  ·  Debian  ·  Fedora  ·  Windows Server
[virt] bhyve  ·  FreeBSD Jails  ·  Proxmox VE  ·  KVM/QEMU
[storage] OpenZFS  ·  zfs-auto-snapshot  ·  NFS  ·  SMB/CIFS  ·  iSCSI
[network] pf  ·  pfSense  ·  OPNsense  ·  Cisco  ·  Fortigate  ·  WireGuard
[mail] Postfix  ·  Dovecot  ·  rspamd  ·  Roundcube  ·  DKIM  ·  SPF  ·  DMARC
[monitor] Prometheus  ·  Grafana  ·  syslog-ng  ·  S.M.A.R.T.
[siem] Wazuh  ·  OpenSearch  ·  OSSEC  ·  FIM  ·  SCA
[vuln] OpenVAS  ·  Greenbone  ·  CIS Benchmarks
[dns] Unbound  ·  BIND  ·  Step-CA  ·  internal PKI
[cloud] AWS  ·  Azure  ·  Terraform  ·  Ansible  ·  Docker  ·  Kubernetes
[lang] Go  ·  Python  ·  Bash  ·  .NET  ·  TypeScript

Ready to get started?

Tell us what you need. We'll scope it, price it, and handle it.

Start a Conversation View Hosting Plans