Microsoft 365, Google Workspace, licensing and endpoints. Comprehensive operational administration, hardware procurement, and zero-touch deployments.
The canonical 2026 SMB server-room blueprint: Proxmox cluster, IaC-defined hosts, immutable golden images, automated patching, and a rebuild procedure anyone in the team can execute in under 90 minutes. Migration path from pets to cattle in 9 months.
Pragmatic field reports on infrastructure, cloud economics, security posture and platform engineering — straight to your inbox.
Business email only. Confirmation email sent. Every email has a one-click unsubscribe.
The 2026 reference network stack for a 50-300 seat EU SMB — firewall, switching, wireless, ZTNA, identity, endpoint, EDR, observability, backup, compute — with per-layer reasoning across 23 production deployments. Compliance-aware, budget-aware, operational-team-aware.
3-2-1 was right for 2008. 2026 needs 3-2-1-1-0: three copies, two media, one off-site, one immutable air-gapped, zero errors in the last restore test. The minimum viable backup posture for an EU SMB, mapped to DORA / NIS2 / ISO 27001.
VLAN design patterns for shared-office buildings with 3-15 tenants. Trunk topologies, VRF-per-tenant, DHCP scoping, captive portals, QoS for shared uplinks, and the GDPR addenda that lease templates do not yet include.
IPsec, WireGuard mesh, and SD-WAN compared against three real multi-office deployments. Decision matrix scoring throughput, latency, failover behaviour, operational complexity, vendor lock-in, and 5-year TCO from €13k to €265k.
Platform engineering at SMB scale — the 15% of the FAANG playbook that produces ROI on a 10-person IT team. Four patterns that work, four anti-patterns, and a reference stack (GitHub + Atlantis + Terraform + Vault + Prometheus) that ships in a quarter.
WireGuard vs IPsec measured side-by-side over 4 years in production. Throughput, latency, failover, operational complexity, key management. The hybrid pattern (IPsec backbone + WireGuard overlay) that consistently produces the best outcomes.
A €200/month Prometheus + Grafana + Loki + Alertmanager stack for the 50-person SMB. Real configs, real dashboards, real alert rules, and the TCO break-even (around 150 hosts) where self-hosted tips back toward managed SaaS.
Zero-Trust at €5k of CAPEX. VLAN segmentation, 802.1X with RADIUS, ZTNA overlay (Tailscale / Twingate / Cloudflare), host-level nftables, monthly policy review. 80-85% of enterprise micro-segmentation value for under 5% of the cost.
Three real hotel deployments — UniFi at 60 rooms, Meraki at 180 rooms, Aruba at 320 rooms — measured against the same RF survey + acceptance criteria. The vendor quirks the datasheets do not surface, and 5-year TCO per room ranging from €80 to €750.
Making observability produce signal instead of noise. SLO-based alerting with error-budget burn rates, the four-level alert hierarchy (page / ticket / notice / log), Alertmanager inhibit rules, dashboard discipline, and the post-mortem-to-runbook pipeline that compounds operational quality.
Building Internal Developer Platforms on Backstage + Terraform + ArgoCD for the 50-100 engineer company. The three templates that matter most, the service-catalogue discipline, and the measured impact: deploy frequency 5-6x, time-to-first-deploy hours instead of days.