Managed ITSM platform

GLPI — ITSM, CMDB & Service Desk
An operated platform, not an installed helpdesk

A CIO almost never buys "GLPI". They buy a reliable, secure, maintainable ITSM platform that will still be running cleanly five years from now. Convergent provides the architecture, hardening, migration, operations and full lifecycle — on an open-source infrastructure we control end to end.

10 & 11GLPI versions supported
€0Licence per agent or per ticket
OWASP ASVSThe standard our code follows
FR · ENInterfaces and support
ITSM + CMDBOne single source of truth
Open sourceAuditable GPL foundation
Managed services

Everything that happens after the install

Installing GLPI takes an afternoon. Keeping it in production for five years, across two major version upgrades, a directory change and an audit, is a different job. That is the one we do.

  • Deployment and hardening — installation on dedicated infrastructure, application and database roles separated, strict TLS, security headers, least-privilege service accounts.
  • Migration — from your existing GLPI instance, or from another ITSM tool. Tickets, assets, users and history carried over, with a full dry run before cutover.
  • Major version upgrades — GLPI 10 to 11 and beyond: every extension's compatibility validated first, executed on a copy, with a documented rollback plan.
  • Backup and continuity — encrypted, immutable backups, proven by real restores. The question is never "do you back up?" but "when did you last restore?".
  • Monitoring and availability — the application, the database and the scheduled tasks are all watched. Redundant architectures where criticality justifies them.
  • Directory and authentication — wired into your LDAP / Active Directory or your identity provider, with profile and entity synchronisation, enforcing your own strong-authentication policy.
  • Mail — mail collectors, notifications, templates, and SPF / DKIM / DMARC alignment so GLPI's notifications actually reach the inbox.
  • Inventory and agents — GLPI Agent rolled out across the estate, SNMP network discovery and inventory, and automatic CMDB feeding from your existing monitoring tools.
  • Plugin lifecycle — an inventory of what is installed, compatibility checks before every upgrade, updates from verified sources, and removal of whatever is no longer maintained.

What you get on top

We have been running GLPI for our own operations for years, and we wrote what was missing: vulnerability intelligence applied to your estate, ready-to-send inventory reports, automatic CMDB feeding, governed internal communications. Those extensions run on the instances we host, with no additional licence. Read the full article →

Your data stays yours

GLPI is free software, and your instance is one. Your tickets, your inventory, your CMDB and your history live in GLPI's standard, documented schema. If you leave, you leave with it: a full database export, your documents, and the data of every standard and publicly available plugin. No proprietary format on the core.

Reference architecture

GLPI is not a standalone application

An ITSM holds the complete map of your information system: who owns what, which version runs where, which contractors have access. It is a target. So we deploy it as the critical asset it is, inside an infrastructure we design and operate in full.

All of it hosted on Proxmox VE, in isolated, backed-up virtual machines. Every brick is open source, documented and replaceable — including by you, including without us.

Security

The question few GLPI hosts ask

"Is your GLPI exposed to the Internet?" If the answer is yes, then so is the directory of your entire estate. Cybersecurity is where we come from: we treat your ITSM as the sensitive system it actually is.

Shrink the exposed surface

Perimeter filtering and application inspection with OPNsense and Zenarmor, network segmentation between application, database and administration, and exposure cut to the strict minimum — or to nothing at all, behind controlled remote access.

Control who gets in

Authentication wired to your LDAP / Active Directory or your identity provider, enforcing your own strong-authentication policy, with permissions riding on GLPI's profile and entity model — never bypassed.

Protect endpoints and servers

Host detection and response with Bitdefender EDR, system hardening, and monitoring of scheduled tasks and database access.

Survive an incident

Encrypted, immutable backups — an attacker who gains administration cannot erase the backup history. Restores tested, not assumed.

Code written like security code

Our extensions follow the OWASP ASVS standard: parameterised queries, no concatenated SQL, secrets encrypted at rest by GLPI's own key store and never logged, TLS verification on by default, SSRF guards on every outbound call.

Know what happened

Access logging and audit trails free of personal data, retained according to your policy. An audit asking "who changed this ticket, and when?" must get an answer.

Measure your exposure before discussing it

Pharos establishes your Cyber Exposure Index: compromised credentials, exposed services, domain impersonation, and financial risk quantification. pharos.tn ↗

Lifecycle

Most providers say "we install GLPI"

We take on the platform's entire lifecycle, from scoping to decommissioning. Every stage produces a written, versioned deliverable — and it belongs to you.

ScopingReal processes, perimeter, regulatory constraints and service objectives.
ArchitectureSizing, exposure, availability, backup and recovery plan.
DeploymentReproducible install, hardening, directory and mail integration.
MigrationData carry-over, dry run, cutover and rollback plan.
TrainingTechnicians, administrators and process owners — on your instance, with your data.
DocumentationArchitecture, operating procedures and a decision record. Auditable.
OperationsMonitoring, tested backups, security patching, support.
UpgradesExtension compatibility validated first, executed on a copy, reversible.
EvolutionNew entities, new processes, custom extensions where needed.
ReversibilityA full export of your data, or a clean, documented decommissioning.
Functional depth

GLPI configured for your organisation, not straight out of the box

The difference between an installed GLPI and an operated one lives in the configuration — the kind that takes weeks to design and that no setup wizard will ever produce.

  • Entity hierarchy and multi-company deployments — subsidiaries, sites, contractors: each sees what concerns them, and nothing else.
  • Rules engine — automatic assignment, categorisation and routing of tickets and assets, driven by your own criteria.
  • SLAs and service levels — commitments per category and per entity, escalations, deadline alerts, and attainment reporting.
  • Automatic actions — scheduled tasks, follow-ups, closures and notifications, tuned so they do not drown your teams.
  • Dashboards — operational indicators for technicians, steering indicators for management.
  • GLPI Agent inventory and network discovery — hardware and software estate kept current automatically, with no double entry.
  • Plugin governance — what is installed, why, who maintains it, and what becomes of it at the next major upgrade.

We also build

When your process fits none of the existing boxes, we design the extension that is missing — OWASP ASVS-compliant code, bilingual FR/EN, tested, documented, and upgrade-safe. Some of our extensions are published as open source on GitHub: you can judge our code before entrusting us with anything.

Why Convergent rather than a GLPI host?

  • We don't sell GLPI hosting — we sell an operated ITSM platform — GLPI is the engine. The firewall, the storage, the virtualisation, the immutable backup and the monitoring around it come from the same integrator, with one person to call when something breaks.
  • Security is where we come from, not an add-on — an ITSM maps your entire information system. We deploy it with the seriousness of an exposed asset: segmentation, directory-backed authentication, immutable backups, audit trails.
  • Vendor neutrality and sovereignty — a fully open-source, auditable foundation, with no licence server and no imposed telemetry. Your data stays where your compliance needs it.
  • Extensions included, not billed per seat — the capabilities we wrote for our own operations run on your instance with no additional licence. What we sell is the engineering and the operations that keep them running.
  • Everything is written down — architecture, procedures, decisions. Your internal auditors get documented answers, and your team stays autonomous if you decide to take over.

GLPI is an open source project distributed under the GPL — glpi-project.org. Convergent is not affiliated with Teclib.

Let's talk about your ITSM platform

Whether you already run GLPI and want it secured, you are preparing a major upgrade, you are migrating from another ITSM, or you are starting from a blank page — Convergent brings the architecture, the deployment, the operations and the support to make it a platform that lasts.

Going further: Why host your GLPI with Convergent