Phases I–III — Research, Architecture & Design
Foundation complete. Every decision documented. Every component designed before a line of code was written.
43 Architectural Decision Records decided
Full module design documents across all phases
Full API surface definition — 11 modules + platform
Portal wireframes and UX design system
PostgreSQL data model — core, config, and module schemas
Configuration Registry — 9-table scope-tree, drift detection
Security design — trust boundaries, secrets, signing keys
Observability design — OTel tracing, VictoriaMetrics, Grafana
42 repos created — all public, branch-protected, CI wired
cloudsmith-sdk — 12 platform interfaces + fakes + test harness
Core Platform Delivery
The foundation everything else runs on — API, portal, agent, relay, identity, secrets, and Azure deployment. Security hardening and operator docs in progress.
cloudsmith-core — runtime, RBAC engine, event bus, Configuration Registry
cloudsmith-api — REST API, OpenAPI, auth middleware, OTel tracing
cloudsmith-portal — web portal SPA (inventory, cluster health, Module Catalog)
cloudsmith-agent — Windows Service for managed Hyper-V hosts
cloudsmith-relay — LAN relay bridge, mTLS WebSocket to PaaS, agent enrollment
cloudsmith-identity — first-run wizard, local admin bootstrap, Keycloak, Entra SSO
cloudsmith-secrets — Key Vault (PaaS) and PostgreSQL-encrypted (on-prem)
cloudsmith-cluster-mgmt — cluster registration and health management
cloudsmith-inventory — hardware and VM inventory
Azure deploy via azd — ACA + Key Vault + managed identity (Option A & B)
Security hardening — CORS, ForwardedHeaders, Swagger gated, TLS
Operator documentation — install guide, relay + agent setup, prerequisites
E2E test suite — automated verification of all PaaS deployment flows
Core Platform Delivery
All installer modes verified end-to-end on Windows Server 2022 and 2025. Standalone deployment production-ready.
Online installer — deploy from internet-connected Windows Server
Bundled installer — airgap-ready, all dependencies packed
Appliance mode — pre-built VHD with CloudSmith pre-configured
Windows Server 2022 and 2025 — all modes verified
On-premises operator docs — install, upgrade, and day-two runbooks
E2E verification — all three installer modes × two OS versions
Shipped with Core Platform
cloudsmith-sdk (Shipped)
Platform SDK — 12 interfaces, fakes, and module test harness. The contract every module implements against.
cloudsmith-core (Shipped)
Runtime engine, RBAC, IPlatformEventBus, Configuration Registry, and shared platform primitives.
cloudsmith-identity (Shipped)
First-run setup wizard, local admin bootstrap, Keycloak integration, and optional Entra SSO.
cloudsmith-secrets (Shipped)
Secrets management — Azure Key Vault for PaaS, AES-256-GCM PostgreSQL-encrypted store for on-prem.
cloudsmith-cluster-mgmt (Shipped)
Cluster registration, health tracking, and management operations for Hyper-V and WSFC clusters.
cloudsmith-inventory (Shipped)
Hardware and VM inventory — hosts, NICs, storage, CPUs, memory — collected by the agent and relay.
In Progress
cloudsmith-monitoring (In Progress)
Azure Monitor Workspace + DCR pipelines for PaaS. VictoriaMetrics for standalone on-prem. Grafana dashboards.
cloudsmith-cli (In Progress)
Cross-platform cs CLI — cluster, deploy, module, runner, job, and watch commands.
cloudsmith-powershell (In Progress)
CloudSmithPS PowerShell module — Connect-CloudSmith, Get-CSCluster, Invoke-CSJob, module management cmdlets.
Planned — Post-Core
cloudsmith-deploy-hyperv (Planned)
Hyper-V and WSFC cluster deployment automation — bare-metal to production cluster, Forge blueprints.
cloudsmith-planning (Planned)
Pre-deployment planning wizard — sizing, BOM generation, hardware manifest signing, capacity modeling.
cloudsmith-hardware-dell (Planned)
Dell iDRAC and OpenManage integration — firmware inventory, BIOS config, hardware health, lifecycle ops.
cloudsmith-hardware-generic-redfish (Planned)
Generic Redfish provider — HPE iLO, Lenovo XCC, DataOn, and any DMTF Redfish-compliant BMC.
cloudsmith-troubleshoot (Planned)
AI-assisted troubleshooting — log analysis, event correlation, guided remediation, as-built doc generation.
cloudsmith-azurelocal (Planned)
Azure Local (HCI) cluster deployment pipeline — full lifecycle management for Azure Local environments.
Overlay Modules — Roadmap
cloudsmith-msp (Roadmap)
MSP multi-tenancy — tenant isolation, per-tenant RBAC, billing hooks, and white-label portal.
cloudsmith-security-compliance (Roadmap)
Security posture — Defender for Servers, CIS benchmark scanning, vulnerability management.
cloudsmith-governance (Roadmap)
Policy-as-code, drift detection, compliance reporting, and Azure Policy alignment.
cloudsmith-finops (Roadmap)
FinOps and cost reporting — resource cost attribution, utilization analysis, right-sizing recommendations.
cloudsmith-bcdr (Roadmap)
Backup visibility and DR orchestration — Commvault, Veeam, and Azure Backup integration.
cloudsmith-itsm (Roadmap)
ITSM integration — ServiceNow incident, change, and CMDB sync for CloudSmith-managed infrastructure.
cloudsmith-siem (Roadmap)
Security event forwarding — syslog, CEF, and Microsoft Sentinel connector for security telemetry.
Advanced Capabilities
Workload expansion, integrations, and platform extensions — applicable across both delivery tracks.
AKS on Azure Local
Azure Virtual Desktop (AVD + FSLogix)
VMware / Nutanix migration tooling
Decommissioning and retirement workflows
Workload optimization and right-sizing
Terraform / Pulumi / Bicep IaC provider
Future — Later Releases
Parking lot items. No committed timeline — evaluated after the core platform matures.
Multi-cloud resource inventory (AWS / GCP via Azure Arc connectors)
MCP Server (Model Context Protocol integration)
FedRAMP / IL4 compliance posture
Bare-metal PXE provisioning
SaaS managed offering