security - AVM 360
Security & Deployment

Your Security Requirements. Your Deployment Model.

Every organisation has different security requirements. AVM-360 is the only AV monitoring platform that adapts completely to yours — from fully air-gapped on-premise to full cloud — with the same capabilities across all options.

Start Free Trial → Deployment Guide
🔒Data sovereignty options
☁️Cloud or on-premise
🛡️Encrypted communication
⚙️Least-privilege access
🔒 Choose Your Deployment Path
AV Devices Crestron·Cisco·Poly Local Collector NUC / Windows VM VLAN only 🔒 Then, your choice: 🏢 On-Premise Data never leaves your network 🔀 Hybrid Status-only to cloud data stays local ☁️ Full Cloud Your cloud or AVM-360 Azure Max Security Balanced Cloud-first
Our Security Philosophy

We Meet You Where Your Security Posture Is — Not Where It's Convenient for Us

Most monitoring platforms force you to compromise your security requirements to use their product. AVM-360 was architected from day one to adapt to your environment — the platform is the same, the deployment model is your choice.

3 Deployment Options

Choose the Model That Fits Your Security Requirements

All three models use a local collector on your VLAN to communicate with AV devices. What changes is where the management platform sits — and who controls it.

1

Full On-Premise Deployment

Client VM or NUC · AVM-360 deploys and configures · Data never leaves your network
🏢 Maximum Security
🏢 YOUR NETWORK — EVERYTHING STAYS INSIDE 📺 Display 🎙️ DSP 🎥 Camera AV Devices (VLAN) 🔒 Local VLAN only 📡 Local Collector NUC or Windows VM Internal network 💻 Your Dashboard Inside your network 🚫 NO DATA LEAVES YOUR NETWORK — EVER · COMPLETE AIR-GAP POSSIBLE

How It Works

The entire AVM-360 platform — collector, database, and web interface — runs inside your network on a Windows VM or NUC. AVM-360 deploys it remotely. Once live, you manage everything locally. Zero data ever leaves your network perimeter.

  • Platform hosted on your Windows VM or NUC inside your network
  • AVM-360 handles full remote deployment and initial configuration
  • AV device data collected locally — never transmitted externally
  • Dashboard accessed from within your internal network only
  • Remote access via TeamViewer or equivalent for ongoing AVM-360 support
  • All data sovereignty requirements met by design
Ideal for
HealthcareGovernmentFinance DefenceRegulated industries
✓ What we need from you
  • • Windows 10/11 VM or NUC (8GB RAM, 100GB disk)
  • • VM must be on the same VLAN as your AV devices
  • • TeamViewer (or equivalent) for remote deployment
  • • Device IP list, MAC addresses, and credentials
Required Network Ports
HTTPS (logo/updates)443 TCP
Email alerts (SMTP)587 TCP
SQL Server (if used)1433 TCP
2

Hybrid Deployment

Local collector on your network · Only status summaries pushed to cloud · Raw device data stays on-site
🔀 Balanced Control
🏢 YOUR NETWORK 📺 Devices VLAN 📡 Local Collector NUC / Windows VM ✓ STAYS LOCAL: Raw device traffic · Credentials & IPs · Network topology · Config data Device authentication · Firmware details · All proprietary protocol data spacer STATUS ONLY → 🔒 Encrypted ☁️ CLOUD DASHBOARD 📊 Read-Only Dashboard Multi-site status view & alerts → CLOUD RECEIVES: Online/offline status · Alert triggers Uptime metrics · Room/device names

How It Works

A local collector on your VLAN polls AV devices directly and translates complex multi-vendor data into lightweight JSON status packets. Only those sanitised status summaries are pushed to a cloud dashboard — raw device traffic and credentials stay on-premise.

  • Local collector on your VLAN handles all device communication
  • Only anonymised status data (online/offline, error codes) goes to cloud
  • Device credentials, IPs, and raw traffic stay on-premise at all times
  • Cloud dashboard provides read-only visibility for multi-site overview
  • Outbound port 443 (HTTPS) and 587 (SMTP) required on the local gateway
Ideal for
Multi-site enterprisesEducation Corporate HQMSPsHospitality
✓ Stays on your network
  • • All raw AV device traffic and packets
  • • Device credentials and authentication data
  • • Network topology and IP schema
→ What the cloud receives
  • • Device online/offline status
  • • Error codes and alert triggers
  • • Uptime metrics for reporting
  • • Device/room name (configurable)
3

Full Cloud Deployment

Local collector still required on your VLAN · Platform on your cloud or AVM-360 Azure
☁️ Fastest Setup
🏢 YOUR NETWORK — ALWAYS REQUIRED 📺 Devices VLAN 📡 Local Collector NUC / VM — Required Always needed — AV devices only speak on the local VLAN Translates device data to encrypted JSON status packets 🔒 Encrypted HTTPS ☁️ CLOUD PLATFORM OPTION A 🏢 Your Cloud AWS · Azure · GCP You control hosting — OR — OPTION B ☁️ AVM-360 Azure Fully managed · SLA Zero infra overhead Full Features: Dashboard · AI Diagnostics · Multi-site · White-label · API · Ticketing Integration Encrypted in transit and at rest · Role-based access enforced · Daily backups (Option B)

How It Works

A local collector on your VLAN still handles all AV device communication — this is always required since AV devices speak proprietary protocols on your local network. The management platform, database, and dashboard are hosted in the cloud: either on your own infrastructure or in AVM-360's managed Azure environment.

  • Local collector on VLAN handles all device communication (always required)
  • Option A: Deploy the platform on your own AWS, Azure, or GCP
  • Option B: AVM-360's managed Azure — zero infrastructure overhead
  • Full feature set including AI diagnostics, multi-site, and white-label
  • AVM-360 Azure includes managed updates, backups, and 99.9% uptime SLA
Ideal for
IntegratorsMSPsSMB Cloud-first orgsRapid deployment
AVM-360 Azure Managed (Option B) — Included
  • • Fully managed Azure hosting — AVM-360 handles infrastructure
  • • Automatic platform updates and security patches
  • • Daily backups with point-in-time recovery
  • • 99.9% platform uptime SLA
  • • Data residency options available on request
Local collector always needed because…

AV devices (Crestron, Biamp, Cisco etc.) communicate via Telnet, SSH, REST, and SNMP — protocols that only operate inside your local network. There is no way to poll them directly from the cloud. The local collector bridges this gap and sends only status packets outward.

Quick Comparison
Feature On-Premise Hybrid Full Cloud
Data leaves your networkNeverStatus onlyStatus + config
Local collector requiredYesYesYes
Cloud dashboardRead-onlyFull access
Who hosts the platformYou (on-prem)MixedYou or AVM-360
Best for regulated industries✓✓✓✓✓
Security Architecture

Security Isn't an Add-On — It's the Foundation

Every layer of AVM-360 is built with security as the default. These apply across all three deployment models.

🔐

Least-Privilege Access

Every user, service, and process has only the minimum access required — nothing more, nothing less.

🔒

Encrypted Communication

All data in transit is encrypted — between collector and cloud, and between users and the dashboard.

👥

Role-Based Access Control

Granular RBAC for technicians, administrators, facility managers, and read-only client users.

📡

Local Collector Architecture

The collector is the only component that talks to AV devices. It never exposes raw device traffic externally.

🗂️

Secure Document Storage

Room schematics and device credentials protected with role-based access and optional password protection.

🔍

Audit Trail & Logging

All user actions, device changes, and remote commands are logged — full audit trail for compliance.

Security Questions

Answers to the Questions Your Security Team Will Ask

Can we run this with zero data leaving our network?

Yes — with Full On-Premise deployment, the entire platform runs inside your network. No data of any kind is transmitted externally. Designed specifically for air-gapped and highly regulated environments.

What exactly is transmitted to the cloud in Hybrid?

Only sanitised status summaries — device online/offline state, error codes, and uptime metrics. Raw device traffic, credentials, and network topology all remain on-premise.

Do you store device credentials?

Device credentials are stored on the local collector only — inside your network. They are never transmitted to or stored in the cloud under any deployment model.

Which cloud does AVM-360 use for its managed option?

Microsoft Azure. Data residency options are available on request. All data is encrypted at rest and in transit, with daily backups and a 99.9% uptime SLA.

Can we deploy on our own AWS, Azure, or GCP?

Yes — Full Cloud Option A. We deploy the platform on your own cloud infrastructure, giving you full control of the hosting environment while AVM-360 manages the application layer.

What access does AVM-360 need to our environment?

Remote access to the local collector only via TeamViewer or equivalent — scoped to the collector. We do not require access to your broader network, Active Directory, or other infrastructure.

Talk to Us

Not Sure Which Model Fits Your Security Posture?

Our team works with your IT and security stakeholders to recommend the right deployment model for your environment.

Talk to Our Team → Read Deployment Guide
info@avm-360.com · We respond to every enquiry
Useful Links
Our Solutions