Purpose-Built for Network Operations
A United States company solving network configuration management challenges since 2009.
Built by Network Engineers, for Network Engineers
ConfigGuard™ was born from a simple observation: the tools available for managing network configurations were either too generic to be useful or too narrowly focused on a single vendor. Network operations teams were stuck cobbling together scripts, spreadsheets, and TFTP servers to maintain something resembling version control for their device configurations.
We set out to build the tool we wished existed — a single platform purpose-built for the specific workflows of network operations: collecting configurations automatically, tracking captured changes, supporting change control workflows, and providing the operational awareness that keeps teams aligned across shifts.
ConfigGuard is not a feature bolted onto a monitoring product. It is not a generic IT service management platform with a configuration add-on. It is a dedicated network configuration management and change assurance system, designed and developed in the United States from the ground up for the people who keep networks running.
ConfigGuard was founded and developed in the United States by a U.S. Marine Corps veteran, bringing a mission-focused approach to network operations.
The On-Premise Philosophy
Your network configurations contain the operational blueprint of your infrastructure — access lists, routing policies, security rules, VLAN segmentation, authentication parameters. This data describes exactly how your network is built and how it can be accessed.
We believe this data belongs on your network, under your control. ConfigGuard is delivered as on-premise software, installed by our team as a Linux software appliance in your VMware or Proxmox environment, or directly on physical hardware. Your configuration data is stored and processed entirely on your network — no cloud services are required for core operation, and no configuration data is transmitted externally.
This is not a philosophical stance against cloud computing. It is a practical engineering decision about where sensitive network infrastructure data should be stored and processed. For many organizations, especially those in regulated industries, the answer is clear.
Engineering & Architecture
Built for performance, security, and reliability in production network environments.
Hardened Linux Appliance
ConfigGuard installs as a purpose-built Linux software appliance — on a VM in your VMware or Proxmox environment, or directly on physical hardware. The operating system is hardened during installation, and the entire platform runs self-contained with no required cloud services for core operation.
Native C++ Engines
Performance-critical operations — device polling, port mapping, and network discovery — run in native C++ engines built for speed and efficiency at scale. Tested and proven at scale with hundreds of devices.
SSH Communication
All device communication uses SSH for secure, encrypted transport. Configuration collection, discovery, and port mapping all operate over encrypted channels.
Modern Authenticated Encryption
Device credentials are encrypted at rest using modern authenticated encryption — tamper-evident by design and never stored in plaintext. Passwords are only decrypted in memory at the moment of use.
TOTP Multi-Factor Authentication
RFC 6238-compliant time-based one-time passwords. Compatible with Google Authenticator, Authy, and any standard TOTP app. Backup codes for account recovery.
Compliance Alignment
ConfigGuard is designed to align with the frameworks your auditors evaluate — helping your team produce the evidence reviewers expect.
ITIL
Change Management, Configuration Management, Asset Management, and Incident Management. ConfigGuard's change assurance workflow maps directly to ITIL change management processes.
HIPAA
Access Controls, Audit Controls, Integrity Controls, Authentication, and Backup & Recovery. ConfigGuard provides technical controls that support HIPAA Security Rule requirements for the network infrastructure carrying PHI.
NIST CSF
Identify (discovery, inventory), Protect (config management, backup, MFA), Detect (polling, change detection), Respond (notifications, turnover), Recover (backup/restore, config repository).
What’s New in 3.4 “Aegis”
Major capabilities introduced in the current release.
Lifecycle Change Notifications
End-to-end change assurance with one-click status transitions, automated stakeholder distribution, and reference-counted Maintenance status tracking across devices and sites.
Blast Radius Analysis
L3 routing impact and VLAN gateway analysis with exportable SVG network maps and PDF reports — understand the consequences of a change before you make it.
IP Address Management
A unified IPAM view built from discovery seeds, routing tables, ARP data, and device inventory — no separate database to maintain.
DNS & Firewall Helper
PSL-aware domain parsing for accurate eTLD+1 resolution, plus a firewall helper that turns hostnames into broad or narrow scope IP ranges for ACL construction.
Pre/Post Pingsweep Validation
Automated ICMP sweeps capture network reachability before and after changes, then highlight what came back online and what did not.
Expanded Multi-Vendor Support
Native parsing added for Aruba AOS & CX, Extreme EXOS, and Ubiquiti UniFi for configuration collection and discovery, alongside Cisco, Arista, Juniper, Palo Alto, and Fortinet platforms.