Agent-based · Zero-config · Enterprise-grade
Deploy lightweight agents behind firewalls, NATs, and VPCs. Every check runs from inside your network. Multi-tenant isolation, RBAC, and audit trails included.
| Service | Status | Latency |
|---|---|---|
| payments-api | up | 9ms |
| auth-service | up | 11ms |
| postgres-primary | up | 5ms |
| redis-cache | up | 36ms |
| worker-queue | up | 48ms |
| vault-secrets | down | — |
| cdn-origin | up | 14ms |
| smtp-relay | up | 4ms |
Agents run behind firewalls and NATs, checking services that external tools can't reach. No VPN tunnels, no inbound ports, no attack surface.
Each tenant sees only their own monitors, agents, and incidents. RBAC with four roles, every action audited with user ID, IP, and timestamp.
Use our managed platform or deploy the hub in your own environment. Either way, agents connect outbound over WebSocket — no inbound ports required.
Built for teams that need to monitor internal infrastructure without exposing it to third parties.
HTTP, TCP, Ping, DNS, TLS certificate expiry, Docker containers, databases, system metrics, service processes, and port scanning.
PASS payments-api 12ms PASS postgres:5432 2ms PASS redis:6379 1ms FAIL vault:8200 timeout PASS tls:api.internal expiry 83d PASS port:web-server 3/3 open
Configurable failure threshold. Alert via Discord, Slack, Email, Telegram, PagerDuty, or webhooks.
#1042 vault:8200 OPEN ├ failure detected 09:41:03 ├ slack alert sent 09:41:04 ├ acknowledged 09:42:18 └ resolved TTR 3m48s 09:44:51
One curl command installs and starts the agent. Monitor configs are pushed over WebSocket — no config files, no restarts.
$ curl -sSL .../install | sh ✓ Downloaded agent (linux/amd64) ✓ Installed & started connected receiving 14 monitors
Complete data isolation between tenants. Four roles: super admin, tenant admin, user, viewer. Every role change is audited.
tenants: acme-corp 3 users 12 monitors globex-inc 5 users 8 monitors initech 2 users 6 monitors isolation: strict cross-tenant queries: 0
Every login, monitor change, role assignment, and incident action. Timestamped with user IDs and IP addresses.
login admin@acme.com 10.0.1.4 09:30 create monitor/pg-primary 09:31 update role → tenant_admin 09:32 delete monitor/old-cache 09:35 logout admin@acme.com 10:15
Monitor counts, agent slots, and feature access scale with your plan. Upgrade anytime from the dashboard.
plan: Enterprise monitors 47 / unlimited agents 4 / unlimited users 8 / unlimited features rbac, audit, multi_tenancy, portscan
Latency trends with avg/min/max breakdowns. TimescaleDB time-series bucketing across 1h, 24h, 7d, and 30d windows.
period avg min max p99 1h 12ms 8ms 34ms 28ms 24h 14ms 6ms 89ms 52ms 7d 13ms 5ms 210ms 67ms 30d 15ms 4ms 340ms 71ms
Expiry tracking, chain validation, SAN detection, and algorithm strength warnings. Know before your cert expires.
cert: api.acme.internal issuer Let's Encrypt R3 algo ECDSA P-256 strong SANs api.acme.internal, *.acme.io chain valid 3 certs expires 83d ok
Configurable SLA targets per monitor. 90-day rolling history with breach alerting and margin reporting.
monitor target actual margin payments-api 99.9% 99.97% +0.07% auth-service 99.9% 99.94% +0.04% postgres 99.99% 99.91% -0.08% redis-cache 99.5% 99.88% +0.38%
Schedule planned downtime per agent. Suppress incidents during maintenance with recurring schedules: daily, weekly, or monthly.
window agent status weekly-reboot prod-web scheduled db-migration db-primary active ├ incidents suppressed 02:00–03:00 └ info notification sent 02:00:01
Create public or private status pages showing real-time health of selected monitors. Share with customers or internal teams.
/status/acme/@ops/infrastructure API Gateway operational Authentication operational Database degraded CDN operational
Scan target hosts for open ports with automatic service identification. Detect versions, track changes over time, and alert when services appear, disappear, or upgrade.
scan: web-server ports: 22,80,443,3306 open 22/tcp OpenSSH 9.6 open 80/tcp nginx/1.25.4 open 443/tcp nginx/1.25.4 closed 3306/tcp mysql expected open changes: port 443 nginx/1.24 → nginx/1.25.4 version changed port 8080 new service detected: nodejs
Install an agent inside your network. It connects to the hub over an outbound WebSocket — no inbound ports, no VPN tunnels.
$ curl -sSL https://dashboard.towerguard.io/install | sh ✓ Downloaded agent (linux/amd64) ✓ Installed to /usr/local/bin/beacon-agent ✓ Systemd service created and started $ sudo systemctl status beacon-agent ● beacon-agent.service — active (running) Connected — receiving 14 monitors
Self-hosted? Point the agent at your own hub instead.
No per-host fees. No surprise bills. One license, flat rate.
Free Trial
30 daysFull platform access. 50 monitors, 10 agents, 20 users. Managed platform — no credit card required.
Professional
$634/mo
Enterprise
Recommended$1,260/mo
Start with a 30-day free trial — no credit card required. Early access: 50% off for our first 5 design partners.
Interested in Starter, Professional, or Enterprise? We'll get you set up within 24 hours.