FAQ

Common questions.

Short answers for the things people usually want to know first. For deeper detail on any of these, talk to the founder — link at the bottom.

Which KVM-over-IP devices does KVM Fleet work with?
Dell iDRAC, HPE iLO, Supermicro IPMI/BMC, Lenovo XCC, and PiKVM. iDRAC / iLO / Supermicro / Lenovo XCC plug in via the Redfish standard with no agent installed on the BMC. PiKVM uses a 5 MB Go agent that tunnels outbound over HTTPS.

Is the audit log tamper-evident?
Yes. Every audit event is hash-chained with SHA-256 and signed with a customer-owned Ed25519 key — the platform never holds the private half. Database-level immutability is enforced via REVOKE UPDATE/DELETE/TRUNCATE plus a refusal trigger. Per-day Merkle root with offline inclusion proofs lets auditors verify any single event without disclosing the rest. Customers can re-walk the chain offline with the open-source kvmfleet-verify binary — no platform connection required.

Does KVM Fleet support SAML SSO?
Yes. SAML 2.0 SP-initiated SSO with Okta, Azure AD, Google Workspace, JumpCloud, OneLogin — anything that speaks SAML. Per-org IdP configuration, attribute mapping, optional JIT user provisioning.

Can Managed Service Providers (MSPs) use KVM Fleet for multiple customers?
Yes. MSP-flagged organizations can spin up managed customer organizations, switch into each customer's context with one click, and return to the MSP dashboard at any time. Each customer is an isolated organization with its own audit chain and Postgres row-level security scope. The Business tier includes 5 managed customer orgs; Enterprise is unlimited.

Where is KVM Fleet hosted?
Frankfurt-area data centre (Hetzner FSN1, Falkenstein, Germany). All customer data, audit logs and Postgres state remain in the EU. The platform is GDPR-aligned with a published Data Processing Addendum incorporating EU Standard Contractual Clauses Module 2. The operating entity is registered in Malta.

What compliance frameworks does KVM Fleet help with?
One-click PDF compliance evidence reports for NIS2, SOC 2 Type II, ISO/IEC 27001, GDPR, HIPAA, NIST SP 800-171, PCI DSS, UK Cyber Resilience, Essential Eight, PIPEDA and others. Each report maps the platform's audit log, role-based access control, just-in-time access workflow and compliance controls to the framework's specific clauses.

Is the agent source code open?
Yes. The agent source is published at github.com/KVMFleet/agent under the Apache 2.0 license — alongside the install.sh used by the curl-pipe install and a SECURITY.md with our reporting channel + response SLA. The audit-chain verifier is published at github.com/KVMFleet/audit-verify under BSL-1.1 (converts to Apache 2.0 four years after each release). The read-only MCP server for AI assistants is published at github.com/KVMFleet/mcp under MIT. The multi-vendor BMC Redfish client is published at github.com/KVMFleet/bmc-adapters under Apache 2.0. The 4-rule access-control policy engine is published at github.com/KVMFleet/policy-engine under Apache 2.0.

Does KVM Fleet work with on-premises or self-hosted deployments?
The platform runs as a managed SaaS today, EU-hosted. Self-hosted / on-premises deployment is available for enterprise customers under annual contract — contact sales for details.