Case study

SysWard

A Linux patch management platform that scaled from 1 customer to thousands of agents at $1/month each — without sacrificing engineering simplicity.

Visit SysWard →

The problem

Enterprise Linux patch management has always had a strange shape. Big companies pay tens of thousands per year for tools like Red Hat Satellite, BigFix, or Tanium that solve the problem at scale but require complex licensing, dedicated infrastructure, and a learning curve measured in months. Small and mid-sized companies — the people running 50 to 5,000 Linux servers — get nothing affordable, so they end up running Ansible playbooks at 3am and hoping their server fleets do not drift.

The opportunity was clear: a patch management platform with the feature parity of enterprise tools, the simplicity of cloud-native SaaS, and pricing that did not require a procurement department to evaluate. The hard part was making it actually work — across 12 different Linux distributions, with both SaaS and self-hosted deployment models, at $1 per agent per month margins.

Our approach

We started SysWard with a small operational target: support Ubuntu and CentOS, run as a hosted SaaS, and price flat per agent. We built a Go agent that runs on the customer's servers, reports system state and available packages to a central API, and executes patch jobs scheduled through a web dashboard. The architecture had to assume agents could be offline, behind NAT, or running on slow hardware — and that the platform itself had to be cheap to operate.

Over time we expanded to 12 supported distributions (Ubuntu, Debian, RHEL, CentOS, Rocky Linux, Amazon Linux, SUSE, Fedora, Oracle Linux, VzLinux, Alma Linux, Arch). Each distribution has its own package manager quirks, its own CVE feed format, and its own update semantics. The agent abstracts these differences; the API treats every host the same way.

The self-hosted deployment was added later, by customer demand. The challenge was making the same codebase run as a multi-tenant SaaS or as a single-tenant on-prem deployment without forking. We solved it with a feature-flag-driven configuration layer and the same Go binary plus a Postgres database — no container orchestration, no microservice sprawl, no licensing tier complexity. Same product, two deployment shapes.

Stack

Backend

  • Go
  • PostgreSQL
  • Redis
  • sqlc

Agent

  • Go
  • Cross-compiled binary
  • 12 Linux distros supported

Frontend

  • Server-rendered Go templates
  • Tailwind CSS
  • HTMX for interactivity

Infrastructure

  • Kubernetes (SaaS)
  • Single-binary deploy (self-hosted)
  • PostgreSQL

Observability

  • Prometheus
  • Grafana
  • Structured logs

Distribution

  • CVE feeds (12 sources)
  • Package metadata APIs
  • Repository mirrors

Outcome

SysWard has been in continuous production since 2014 — over 12 years at the time of writing. The platform supports all 12 major Linux distributions in active use across enterprise infrastructure today. Pricing has stayed at $1 per agent per month for both deployment models, which has been a defining product position: the price point makes the platform accessible to small DevOps teams that would never approve a five-figure annual procurement.

The product runs at low operational cost because the architecture is deliberately simple — one Go binary, one Postgres database, no microservice complexity. New distributions are added by writing a small adapter, not by re-architecting the platform.

Most importantly, the engineering investment has compounded. Patterns developed for SysWard — agent design, multi-tenant data isolation, SaaS-or-self-hosted dual deployment — became the foundation for the other BlueScripts products and for how we approach client engagements.

What we learned

  • Pricing constraints force engineering simplicity. $1/agent/month meant we could not afford a complex stack — and that constraint produced a more reliable system.
  • SaaS-and-self-hosted from one codebase is achievable but requires deliberate boundaries. Feature flags over forks. Configuration over conditionals.
  • Distribution-agnostic agents abstract the right boundary. The agent knows how to handle apt, yum, dnf, zypper, and pacman; the platform never has to.
  • Long-running products earn trust through consistency. SysWard's pricing has not changed in 12 years. Customers do not have to re-evaluate annually.
  • The patterns we used to build our own product transfer directly to client engagements. Same architectural defaults, same operational standards.

Have a project that needs the same standards?

Email us a paragraph about what you are building. We respond within one business day.

[email protected]