Platform Architecture

Whether your IT infrastructure is traditional, virtualized, or a combination thereof, UpGuard provides you with the crucial validation to ensure that environments are secured and optimized for consistent, quality software and IT services delivery.

Achieve Digital Resilience

Our platform’s open, scalable architecture gives organizations comprehensive insight and awareness into their systems—even as they grow more complex and heterogeneous with time. And as network perimeter lines are fast disappearing, security and quality must be baked in and adaptable—in line with the high-velocity changes characteristic of today’s organizations.

To this end, UpGuard's configuration integrity platform delivers the comprehensive visibility and validation critical for innovating safely and securely.

UpGuard Delivery Models

Deploy In The Cloud

Hosted UpGuard handles everything for you. Get started with a free account, connect the nodes you want to monitor, and let us, and our certified hosting providers, take care of the rest.

UpGuard in the cloud


UpGuard was born in the cloud and handles hybrid architectures seamlessly. A connection manager deployed behind your firewall stores all data and permits communication with your cloud apps over a secure port.

Hybrid model

On-Premise, On Your Terms

We deliver a secured virtual appliance as a self-contained "black box." No assembly required; just plug in the batteries and you're ready to start with UpGuard. Everything sits behind your firewall.

On premise

Frequently Asked Questions


What do I have? How is it configured? Is it secure?

UpGuard manages cloud applications, web servers, network devices, servers (both physical and virtual), databases, mobile devices and internet devices. UpGuard performs a non-intrusive, detailed discovery for each managed device to identify a host of important configuration items (CIs) that become the System of Record (SoR) of that device. The CIs are then run through our intelligent compliance engine, discovering any misconfigurations, missing patches, security vulnerabilities, and more.

How is it performing?

If something changes, what is the impact? Our Universal Automation Platform makes it easy to create policies to monitor the devices for configuration drift and out-of-band changes, and to send alert notifications through our dashboard or third-party notification applications. In addition, UpGuard has very powerful search and reporting capabilities that allow you to search for and report on any detail about any CI across hundreds of thousands of nodes. If anything changes in the environment, our time-lapse changes view makes it very easy to determine which changes led to problems and the impact of the changes.

How do I fix it?

UpGuard boasts a host of out-of-box integrations to leading cloud platforms (AWS, Azure), DevOps platforms (Chef, Puppet), monitoring solutions (Splunk), security platforms (ArcSight) and more. These integrations allow you to easily plan and schedule your changes to minimize interruptions.

Is UpGuard secure?

Because UpGuard is built to create trust, security is our top priority. So much so that we built an entire page about it.

Do I need an on-premises UpGuard appliance or should I use the cloud-hosted option?

That depends on your needs. Both versions of the platform work identically, have the same feature set, and have the same recurring price. The only difference is that the on-premises option requires a commitment of 100 or more nodes. Our engineers would be happy to discuss the details with your technical team to determine the best option for your company.

Is the on-premises device a virtual machine?

A: The UpGuard on-premises appliance typically takes the form of a virtual machine that our engineers send to your technical team and assist in powering on if necessary. In special cases where a situation absolutely requires a physical appliance, we can accommodate. Contact our engineers for more information.

What is a connection manager, and do I need one?

A: Depending on your infrastructure, placing a connection manager behind your firewall may be the simplest way to add your nodes to the platform. The connection manager is a virtual appliance that sits within your infrastructure and facilitates communication with the UpGuard platform.

What is the agentless option and why would I use it?

A: UpGuard has two ways of collecting data from most client nodes: using an agent or going agentless. The use of an agent means installing a lightweight agent on the Windows or Linux machines you wish to monitor with UpGuard. By contrast, the agentless option involves the UpGuard platform or a local UpGuard connection manager connecting to the machines via SSH or WinRM to perform scans and gather information for UpGuard. Agentless is generally preferred by most customers, but for those whose nodes cannot be opened up to SSH or WinRM, use of an agent may be preferable. You can mix and match connection types for different servers at will depending on your needs.

Can I scan more on my nodes than just the default configuration items?

A: Yes! In fact, this is one of UpGuard's most powerful features. Any file, SQL query, or the output of any command can be treated as an object to be monitored. Even things like proprietary scripts which many admins have already built for their needs can be incorporated into UpGuard and their output monitored for change.

Can I hide certain files and folders from UpGuard?

A: Absolutely. Nodes are easy to customize and configuration items to scan can be added and removed as necessary.

Does UpGuard generate reports?

A: Yes. UpGuard can generate a variety of reports, including daily drift reports, audit reports, policy reports, and more. Many enterprises use UpGuard in place of legacy compliance reporting solutions. Contact our engineers for more information.

How does UpGuard alert me of changes?

A: By default, UpGuard provides email-based alerting and drift reports, and an in-app task manager that notifies users of issues. These alerts can be customized, and your alerting/ticketing platform of choice can be integrated with UpGuard via our RESTful API.

Can I integrate with [x,y,z]?

A: Yes. UpGuard has an open and easy-to-use RESTful API that allows for easy integration with ticketing, alerting, and data analysis systems such as ServiceNow, JIRA, Splunk, PagerDuty, Slack, and so on. UpGuard's integrations with Chef, Puppet, Ansible, Salt, Docker, and PowerShell DSC come ready to use. Should you need assistance integrating with an esoteric or homespun solution, our deployment engineers would be happy to help.

How do I download the appliance?

A: Deploying an on-premises virtual appliance requires the assistance of our deployment engineers. Contact the team for more information. If you'd like to get started on your own, the cloud-hosted option is available at all times and free for your first 10 nodes.

How is UpGuard licensed?

A: Accounts under 10 nodes are free. We charge per node per year, with flexible billing options, so you only pay for what you use.

How do I get my CSTAR score?

A: The CSTAR score is a standard feature of a typical UpGuard deployment. After deploying UpGuard in your environment, the CSTAR will be calculated automatically and visible on the UpGuard dashboard.

Is this only for businesses, or can I use UpGuard for my personal servers?

A: By all means, we encourage users to use UpGuard wherever they feel it's appropriate. The cloud-hosted version of UpGuard is free for the first 10 nodes and is in use by enthusiasts around the world monitoring personal game servers, file servers, IRC servers, and more.