Why host your GLPI with Convergent
GLPI is free software. You can install it yourself in an afternoon. So why have it hosted? Because the value was never in the installation — it is in everything that comes after.
Stock GLPI is an excellent foundation. It is a foundation.
A freshly installed GLPI does what it says on the tin: a service desk, an inventory, entities, profiles. That is already more than many organisations have today.
Then the questions start arriving, and the foundation stops:
- “Which of our 400 workstations run software affected by a critical CVE published last month?”
- “Get me the full inventory for that subsidiary — machine age included, and the warranties about to expire.”
- “Our switches are already in our network monitoring system — why are we retyping them into the CMDB?”
- “We need to warn only the technicians of the Southern entity about Saturday’s maintenance — and keep a record of who approved the send.”
- “How long did that incident last, and where does it leave our error budget?”
GLPI answers none of these out of the box. The usual response is to buy another tool. For each of them.
What you get on top, with us
We have been running GLPI for our own operations for years. Every time something was missing, we wrote it. Those extensions run on the instances we host — included, with no additional licence and no paid module to unlock:
- Vulnerability intelligence applied to your estate. Your software inventory is continuously cross-referenced against the public CVE database. Every asset carries the list of vulnerabilities that affect it, sorted by CVSS severity. No scanner, no agent installed on your machines: it is a cross-reference of the inventory GLPI already holds. By default nothing leaves your instance — any sharing of anonymised statistics is off, and stays an explicit decision of yours.
- Asset documents you can actually send. A per-entity inventory report (with or without sub-entities), including the real age of each asset — reconstructed from financial records, firmware dates or, failing that, first inventory — and warranty expiry. Exportable as CSV, PDF or a print-ready page, for an auditor, an insurer or a board.
- A CMDB that fills itself. Your network equipment is already known to your monitoring tools. We import it into GLPI automatically, read-only on the source side, refreshed on a schedule. You stop maintaining two inventories that disagree with each other.
- Targeted, governed internal communications. Address an announcement to the exact intersection of an entity and a profile, with recipient preview, an approval workflow (the author is not the approver), scheduled or recurring sends, and delivery statistics. Your maintenance notices stop travelling through hand-exported Outlook lists.
- SRE-grade incident handling. Incident timelines, SLOs and error budgets visible from inside GLPI, for teams who run availability and not just tickets.
- Privacy-respecting usage measurement. We know which pages of your GLPI are actually used, through analytics self-hosted on our servers — no third party, no data sent off the infrastructure.
- A controlled extension lifecycle. Extensions are installed and updated from verified source repositories, with hardened fetching, explicit version control and notification when an update is available. No code dropped in by hand over FTP.
The point that matters: none of it is sold separately. That is the difference between “managed GLPI at Convergent” and “GLPI hosted somewhere”.
Written like security code, because it is
An ITSM holds the complete map of your information system: who owns what, which version runs where, which contractors have access. It is a target.
Our extensions are written to the OWASP ASVS standard and its threat model: parameterised queries, no concatenated SQL, secrets encrypted at rest by GLPI’s own key store and never logged, TLS verification on by default, SSRF guards on every outbound call, and audit logs free of personal data. Permissions ride on GLPI’s own profile model — never bypassed.
The instance itself is hardened, backed up, monitored and patched by us. Your data stays where your compliance needs it to be.
Your data is yours. Our extensions are ours. Let’s be explicit.
Most hosting providers stay vague on this point. We would rather put it in writing before you sign, not on the day you leave.
What is yours, and stays yours: GLPI is free software, and your instance is one. Your tickets, your inventory, your CMDB, your users, your entities, your history — that is your business data, held in GLPI’s standard, documented schema. If you leave, you leave with it: a full database export, your documents, and the data of every standard and publicly available plugin. No proprietary format on the core, no encrypted component holding your operations hostage.
What stays ours: some of our extensions are published as open source — you can read that code today, in our public repositories. The others, the ones carrying the most value, are not. They are not handed over as source code, and their own tables are not part of the export: their database schema would reveal precisely what took us years to design.
Why that is in your interest too: it is exactly what lets us include them in the managed service with no additional licence, instead of billing them per seat per year the way a software vendor would. You are not paying for the intellectual property; you are paying for the engineering and the operations that run it for you.
We sell operations and engineering. We do not hold your data hostage — and we do not pretend to sign over our R&D either.
What managed operations cover
Installation and hardening, migration from your existing instance (or from another ITSM), GLPI and extension updates, backups, monitoring, support, and custom extension development when your process fits none of the existing boxes.
Already running GLPI, or considering it? See our GLPI ITSM & plugin services, or let’s talk about your instance. Some of our extensions are published on GitHub — start by reading that code.