GLPI — ITSM, CMDB & Service Desk
An operated platform, not an installed helpdesk
A CIO almost never buys "GLPI". They buy a reliable, secure, maintainable ITSM platform that will still be running cleanly five years from now. Convergent provides the architecture, hardening, migration, operations and full lifecycle — on an open-source infrastructure we control end to end.
Everything that happens after the install
Installing GLPI takes an afternoon. Keeping it in production for five years, across two major version upgrades, a directory change and an audit, is a different job. That is the one we do.
- Deployment and hardening — installation on dedicated infrastructure, application and database roles separated, strict TLS, security headers, least-privilege service accounts.
- Migration — from your existing GLPI instance, or from another ITSM tool. Tickets, assets, users and history carried over, with a full dry run before cutover.
- Major version upgrades — GLPI 10 to 11 and beyond: every extension's compatibility validated first, executed on a copy, with a documented rollback plan.
- Backup and continuity — encrypted, immutable backups, proven by real restores. The question is never "do you back up?" but "when did you last restore?".
- Monitoring and availability — the application, the database and the scheduled tasks are all watched. Redundant architectures where criticality justifies them.
- Directory and authentication — wired into your LDAP / Active Directory or your identity provider, with profile and entity synchronisation, enforcing your own strong-authentication policy.
- Mail — mail collectors, notifications, templates, and SPF / DKIM / DMARC alignment so GLPI's notifications actually reach the inbox.
- Inventory and agents — GLPI Agent rolled out across the estate, SNMP network discovery and inventory, and automatic CMDB feeding from your existing monitoring tools.
- Plugin lifecycle — an inventory of what is installed, compatibility checks before every upgrade, updates from verified sources, and removal of whatever is no longer maintained.
What you get on top
We have been running GLPI for our own operations for years, and we wrote what was missing: vulnerability intelligence applied to your estate, ready-to-send inventory reports, automatic CMDB feeding, governed internal communications. Those extensions run on the instances we host, with no additional licence. Read the full article →
Your data stays yours
GLPI is free software, and your instance is one. Your tickets, your inventory, your CMDB and your history live in GLPI's standard, documented schema. If you leave, you leave with it: a full database export, your documents, and the data of every standard and publicly available plugin. No proprietary format on the core.
GLPI is not a standalone application
An ITSM holds the complete map of your information system: who owns what, which version runs where, which contractors have access. It is a target. So we deploy it as the critical asset it is, inside an infrastructure we design and operate in full.
All of it hosted on Proxmox VE, in isolated, backed-up virtual machines. Every brick is open source, documented and replaceable — including by you, including without us.
The question few GLPI hosts ask
"Is your GLPI exposed to the Internet?" If the answer is yes, then so is the directory of your entire estate. Cybersecurity is where we come from: we treat your ITSM as the sensitive system it actually is.
Shrink the exposed surface
Perimeter filtering and application inspection with OPNsense and Zenarmor, network segmentation between application, database and administration, and exposure cut to the strict minimum — or to nothing at all, behind controlled remote access.
Control who gets in
Authentication wired to your LDAP / Active Directory or your identity provider, enforcing your own strong-authentication policy, with permissions riding on GLPI's profile and entity model — never bypassed.
Protect endpoints and servers
Host detection and response with Bitdefender EDR, system hardening, and monitoring of scheduled tasks and database access.
Survive an incident
Encrypted, immutable backups — an attacker who gains administration cannot erase the backup history. Restores tested, not assumed.
Code written like security code
Our extensions follow the OWASP ASVS standard: parameterised queries, no concatenated SQL, secrets encrypted at rest by GLPI's own key store and never logged, TLS verification on by default, SSRF guards on every outbound call.
Know what happened
Access logging and audit trails free of personal data, retained according to your policy. An audit asking "who changed this ticket, and when?" must get an answer.
Measure your exposure before discussing it
Pharos establishes your Cyber Exposure Index: compromised credentials, exposed services, domain impersonation, and financial risk quantification. pharos.tn ↗
Most providers say "we install GLPI"
We take on the platform's entire lifecycle, from scoping to decommissioning. Every stage produces a written, versioned deliverable — and it belongs to you.
GLPI configured for your organisation, not straight out of the box
The difference between an installed GLPI and an operated one lives in the configuration — the kind that takes weeks to design and that no setup wizard will ever produce.
- Entity hierarchy and multi-company deployments — subsidiaries, sites, contractors: each sees what concerns them, and nothing else.
- Rules engine — automatic assignment, categorisation and routing of tickets and assets, driven by your own criteria.
- SLAs and service levels — commitments per category and per entity, escalations, deadline alerts, and attainment reporting.
- Automatic actions — scheduled tasks, follow-ups, closures and notifications, tuned so they do not drown your teams.
- Dashboards — operational indicators for technicians, steering indicators for management.
- GLPI Agent inventory and network discovery — hardware and software estate kept current automatically, with no double entry.
- Plugin governance — what is installed, why, who maintains it, and what becomes of it at the next major upgrade.
We also build
When your process fits none of the existing boxes, we design the extension that is missing — OWASP ASVS-compliant code, bilingual FR/EN, tested, documented, and upgrade-safe. Some of our extensions are published as open source on GitHub: you can judge our code before entrusting us with anything.
Why Convergent rather than a GLPI host?
- We don't sell GLPI hosting — we sell an operated ITSM platform — GLPI is the engine. The firewall, the storage, the virtualisation, the immutable backup and the monitoring around it come from the same integrator, with one person to call when something breaks.
- Security is where we come from, not an add-on — an ITSM maps your entire information system. We deploy it with the seriousness of an exposed asset: segmentation, directory-backed authentication, immutable backups, audit trails.
- Vendor neutrality and sovereignty — a fully open-source, auditable foundation, with no licence server and no imposed telemetry. Your data stays where your compliance needs it.
- Extensions included, not billed per seat — the capabilities we wrote for our own operations run on your instance with no additional licence. What we sell is the engineering and the operations that keep them running.
- Everything is written down — architecture, procedures, decisions. Your internal auditors get documented answers, and your team stays autonomous if you decide to take over.
GLPI is an open source project distributed under the GPL — glpi-project.org. Convergent is not affiliated with Teclib.
Let's talk about your ITSM platform
Whether you already run GLPI and want it secured, you are preparing a major upgrade, you are migrating from another ITSM, or you are starting from a blank page — Convergent brings the architecture, the deployment, the operations and the support to make it a platform that lasts.
Going further: Why host your GLPI with Convergent