Architecture
SlimRMM follows a modern, microservices-inspired architecture with clear separation of concerns between components.
System Components
Backend Server (FastAPI)
The backend is the central orchestration point for the entire RMM system.
Technology Stack:
- Framework: FastAPI 0.128+
- Database: PostgreSQL 14+ (production) or SQLite (development)
- Cache/Queue: Redis 7+
- ORM: SQLAlchemy 2.0+ with async support
- Authentication: JWT + MFA (TOTP/WebAuthn)
Responsibilities:
- Agent registration and lifecycle management
- Real-time WebSocket communication
- User authentication and authorization
- Patch policy management and execution
- Vulnerability scanning and reporting
- Audit logging
Frontend Dashboard (Vue 3)
A modern, responsive web interface for managing your infrastructure.
Technology Stack:
- Framework: Vue 3.5+ with Composition API
- Build Tool: Vite 7+
- Language: TypeScript 5.9
- State Management: Pinia 3+
- UI Components: Radix Vue + Tailwind CSS
Features:
- Real-time agent status via WebSocket
- Interactive terminal and file browser
- WebRTC-based remote desktop
- Comprehensive admin console
- Dark/Light theme support
- Multi-language (EN/DE)
Agent (Go)
Lightweight client that runs on managed systems.
Technology Stack:
- Language: Go 1.22
- WebSocket: gorilla/websocket
- System Metrics: gopsutil
Characteristics:
- ~10MB binary size
- ~20MB RAM usage
- Cross-platform (Windows, Linux, macOS)
- mTLS authentication
- Auto-update capability
Communication Flow
Agent Registration
mermaid
sequenceDiagram
participant Agent
participant Backend
participant Admin
Agent->>Backend: POST /api/v1/agents/register
Note over Agent,Backend: UUID, hostname, OS, arch
alt Enrollment Token Valid
Backend->>Agent: APPROVED + certificates
else No Token
Backend->>Agent: PENDING
Admin->>Backend: Approve Agent
Backend->>Agent: APPROVED + certificates
end
Agent->>Backend: WebSocket Connect (mTLS)
Backend->>Agent: Connection EstablishedReal-Time Communication
mermaid
sequenceDiagram
participant Frontend
participant Backend
participant Agent
Frontend->>Backend: WebSocket Connect
Agent->>Backend: WebSocket Connect (mTLS)
loop Heartbeat
Agent->>Backend: Ping
Backend->>Agent: Pong
end
Frontend->>Backend: Execute Command
Backend->>Agent: Command Message
Agent->>Backend: Command Result
Backend->>Frontend: Result UpdateMonitoring & Alerting
mermaid
flowchart TD
A[Background Task] -->|Every 10s| B{Check Policies}
B --> C{Agent Offline?}
B --> D{CPU > Threshold?}
B --> E{RAM > Threshold?}
B --> F{Disk > Threshold?}
C -->|Yes| G[Create Alert]
D -->|Yes| G
E -->|Yes| G
F -->|Yes| G
G --> H[Send Email]
G --> I[Browser Notification]
G --> J[Store in DB]Data Flow
Agent Data Collection
Agents periodically collect and report:
| Data Type | Interval | Description |
|---|---|---|
| Heartbeat | 30s | Connection status |
| System Metrics | On demand | CPU, RAM, Disk, Network |
| Software Inventory | 30min | Installed packages |
| Service Status | 30min | Running services |
| User Accounts | 30min | System users |
| OS Information | 30min | OS version, hostname |
Data Storage
PostgreSQL Database
├── agents # Agent records
├── users # User accounts
├── certificates # mTLS certificates
├── monitoring_alerts # Alert history
├── patch_policies # Patch configurations
├── patch_executions # Execution logs
├── scripts # Script library
├── script_executions # Script logs
├── vulnerabilities # CVE tracking
├── software # Software inventory
├── cpu_info # CPU specifications
├── memory_info # Memory details
├── network_interfaces # Network config
├── audit_logs # Action audit trail
└── ...Security Architecture
Authentication Layers
┌─────────────────────────────────────────┐
│ User Authentication │
│ ┌─────────────────────────────────┐ │
│ │ JWT Tokens (15min/7day) │ │
│ ├─────────────────────────────────┤ │
│ │ MFA: TOTP or WebAuthn │ │
│ ├─────────────────────────────────┤ │
│ │ Argon2 Password Hashing │ │
│ └─────────────────────────────────┘ │
└─────────────────────────────────────────┘
┌─────────────────────────────────────────┐
│ Agent Authentication │
│ ┌─────────────────────────────────┐ │
│ │ mTLS with Client Certs │ │
│ ├─────────────────────────────────┤ │
│ │ CA-Signed Certificates │ │
│ ├─────────────────────────────────┤ │
│ │ Certificate Pinning │ │
│ └─────────────────────────────────┘ │
└─────────────────────────────────────────┘Network Security
- All connections use TLS 1.3
- Agent communication uses mutual TLS (mTLS)
- WebSocket connections are authenticated
- Rate limiting on all endpoints
- IP blocking capability
Deployment Patterns
Single Server
Suitable for small deployments (< 500 agents):
┌────────────────────────────────────────┐
│ Single Server │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ Backend │ │ Frontend│ │PostgreSQL│ │
│ └─────────┘ └─────────┘ └─────────┘ │
│ ┌─────────┐ │
│ │ Redis │ │
│ └─────────┘ │
└────────────────────────────────────────┘High Availability
For larger deployments:
┌─────────────────────────────────────────────────────────────┐
│ Load Balancer │
│ (SSL Termination) │
└──────────────────────────┬──────────────────────────────────┘
│
┌──────────────────┼──────────────────┐
│ │ │
▼ ▼ ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│Backend 1│ │Backend 2│ │Backend N│
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
└────────────┬────┴─────────────────┘
│
┌────────────┴────────────┐
│ │
▼ ▼
┌─────────┐ ┌─────────┐
│PostgreSQL│ │ Redis │
│ Primary │ │ Cluster │
└─────────┘ └─────────┘Directory Structure
Backend
rmm-backend/
├── app/
│ ├── api/ # Route handlers
│ ├── core/ # Configuration, security
│ ├── models/ # SQLAlchemy ORM models
│ ├── services/ # Business logic
│ ├── schemas/ # Pydantic validation
│ ├── middleware/ # Custom middleware
│ └── main.py # Application entry
├── alembic/ # Database migrations
└── docker-compose.ymlFrontend
rmm-frontend-new/
├── src/
│ ├── api/ # API client modules
│ ├── components/ # Vue components
│ ├── composables/ # Reusable logic
│ ├── stores/ # Pinia state
│ ├── views/ # Page components
│ ├── router/ # Vue Router
│ └── main.ts # Application entry
└── vite.config.tsAgent
rmm-agent/
├── cmd/
│ └── slimrmm-agent/
│ └── main.go # Entry point
├── internal/
│ ├── actions/ # Command implementations
│ ├── config/ # Configuration
│ ├── handler/ # Message handling
│ ├── monitor/ # System monitoring
│ └── security/ # Security features
└── go.mod