groundskeeper v0.38.0
Self-Hosted — Privacy-First — Windows Server 2022

The IT dashboard
built for school networks.

Self-hosted. Privacy-first. Groundskeeper brings your entire school IT estate—21 connectors, local AI, instant alerts—into a single dashboard. Your data never leaves your network.

View on GitHub Read the Docs →
Groundskeeper v0.38.0

[INFO] Loading config.yaml...

[INFO] 21 connectors registered

[OK] Ollama reachable — llama3.1:8b

[OK] Scheduler started — all connectors active

[OK] Licence valid — Standard tier

[INFO] Dashboard at http://localhost:8000

[READY] Groundskeeper is watching

21
Connectors
7
AI Providers
11
Dashboard Views
£0
Community Edition

Core Pillars

Everything a school IT team actually needs.

The Technical Feed

A chronological, deduplicated event stream across all your connectors. Criticals surface immediately with instant email or Teams alerts. OK events suppressed for 60 minutes so you see what matters, not what's chattering.

CRIT — Meraki MX: WAN failover detected
WARN — Veeam: backup job failed (Finance-DC)
OK — M365: all services healthy

The AI Copilot

Runs entirely on your server via Ollama. No data leaves your network. Hit “Why?” on any alert for a plain-English explanation. Morning summaries auto-generated every 5 minutes. Also works via Azure OpenAI, Anthropic Claude, Google Gemini, or OpenAI.

AI › The Veeam failure on Finance-DC is likely a VSS writer timeout. Check the Windows Event Log on that server for VSS errors around the job start time...

The SLT View

A read-only traffic-light dashboard for Senior Leadership Teams. No jargon, no noise—just red/amber/green for each service area. Instant load, no AI dependency. Safe to share with a headteacher.

Internet
Email (M365)
Backups
MIS (Bromcom)

Instant Alerts

Critical events trigger immediate email alerts with quiet hours support so you're not paged at 2am for a non-issue. Teams and Slack webhooks also supported for channel notifications.

MAT Hub

Multi-Academy Trust dashboard aggregates traffic-light status across all schools into a single trust-wide view. Each school keeps its own self-hosted instance—no central cloud dependency.

Live Network Diagram

Data-driven SVG network diagram built from live config and connector status. Click nodes for detail. Exports to SVG. Auto-refreshes every 2 minutes.

Connector Ecosystem

Plug in. Pull data. Stop tab-switching.

Read-only connectors that never modify your systems. GDPR-friendly—data stays on your network.

Cloud & SaaS

Cisco Meraki
Devices, MT sensors, multi-org
Action1 RMM
EU/US/AU regions, patch status
Microsoft 365
Service health via Graph API
Veeam Backup
Job status, failure alerts
MIS Status
Bromcom, Arbor status pages
School Services
16 UK services incl. ParentPay, Wonde, RM Unify

Security

Domain Security
SPF, DMARC, DKIM, TLS, HTTPS, change detection
WatchGuard Firebox
Firewall health and status
WatchGuard Endpoint
Endpoint security status
SSL Cert Monitor
Expiry alerts, cert chain checks

Infrastructure

Windows Server
CPU, memory, disk, services
Windows Clients
Endpoint health via GKAgent
Hyper-V
VM health and state monitoring
Active Directory
Health checks, lockout alerts
Windows Event Log
Critical event ingestion
DNS / DHCP
Scope utilisation, service health
Internet Health
Connectivity and latency checks
Endpoint Reports
Disk space and Win11 readiness

Hardware

HP / Aruba Switches
SNMP polling, port status
UPS Monitoring
Battery and load via SNMP
Dell iDRAC
Server hardware health

New in v0.38.0

GKAgent — Windows client visibility via GPO.

A lightweight PowerShell agent deployed to Windows client machines via Group Policy. Checks in every 5 minutes, reporting health data back to the Groundskeeper dashboard. No WinRM, no third-party agent framework—just a signed installer and a GPO.

  • Inno Setup installer — deploy via GPO startup script
  • NSSM-managed Windows service, survives reboots
  • Students cannot stop it (restricted service DACL)
  • Online / offline / stale status card on the dashboard

GPO Deployment

1Copy GKAgentSetup.exe to SYSVOL share
2Add GPO Computer Startup script
3Deploy ServerIP.txt via GPO Preferences
Devices appear in dashboard within 5 minutes

Windows Installer

One installer. No Python required.

The Groundskeeper Windows installer bundles everything—Python runtime, all dependencies, NSSM service wrapper. Run the wizard, click Next three times, and your school estate is being monitored. Uninstall cleanly from Add/Remove Programs.

  • Next / Next / Install wizard
  • Registers as a Windows service automatically
  • Opens setup wizard on first run
  • Built via GitHub Actions on every release
Download Latest Release

Groundskeeper Setup

1Welcome & licence agreement
2Choose install location
3Install & register Windows service
Setup wizard opens in browser

Project Roadmap

Where we are. Where we’re going.

Epic 1 — Core Platform

Complete

FastAPI backend, APScheduler, SQLite, connector base class with deduplication, pluggable AI (Ollama, Azure, Anthropic, Gemini, OpenAI), full settings UI, first-run setup wizard, SLT traffic-light view, Windows service via NSSM.

Epic 2 — Phase 1 Connectors

Complete

8 connectors: Meraki, Action1 (multi-org, multi-region), Microsoft 365, Veeam, MIS Status (Bromcom/Arbor), Domain Security (SPF/DMARC/DKIM/TLS), Internet Health, Endpoint Reports.

Epic 3 — Phase 2 Connectors

Complete

13 further connectors: WatchGuard Firebox and Endpoint, HP/Aruba Switches (SNMP), UPS (SNMP), Dell iDRAC, Windows Server, Windows Clients, Hyper-V, Active Directory, Windows Event Log, DNS/DHCP, SSL Cert Monitor, School Services.

Epic 4 — Intelligence & Notifications

Complete

Immediate critical alerts with quiet hours. Teams/Slack webhooks. Weekly email digest. Ask Groundskeeper from Microsoft Teams via Copilot Studio bot. AI context enrichment with numeric metrics grounding answers.

Epic 9 — MAT & Commercial

Complete

Multi-Academy Trust hub view. Licence key system with four tiers (Ed25519 offline + Cloudflare call-home). Windows installer (.exe). Live network diagram. GitHub Actions CI/CD for automated release builds.

Epic 15 — GKAgent Windows Client Agent

Complete

Lightweight PowerShell agent deployed via GPO. NSSM-managed service with Inno Setup installer. Dashboard agent status card (online/offline/stale). Shared-secret authentication. Restricted service DACL so students cannot stop it.

Post-Launch — v1.x Connectors

Planned

Jamf School MDM, Entra Connect heartbeat, Smoothwall / Lightspeed filtering appliances, InVentry / Sign In App, PaperCut MF, Paxton door access, Synology / QNAP NAS, sensor readings history.

Pricing

Free for single schools. Built for MATs.

Community Edition is free forever. Paid tiers unlock priority support and trust-wide features.

Community
£0
Free forever
  • All 21 connectors
  • Local AI (Ollama)
  • SLT view
  • Community support
StandardPopular
£149/yr
Per school
  • Everything in Community
  • Priority support
  • Managed connector updates
  • Teams Copilot Studio bot
Pro
£199/yr
Per school
  • Everything in Standard
  • Cloud AI providers
  • Weekly AI health report
  • Phone support
Trust
£499/yr
Whole trust
  • Everything in Pro
  • MAT Hub dashboard
  • Unlimited schools
  • Dedicated support

Community

Help shape what we build next.

Sign in with your Microsoft account to suggest and upvote connectors and features. Your school’s priorities drive the roadmap.

Votes are authenticated via Microsoft account — one vote per person, no farming.

Your estate. Your network. Your data.

Groundskeeper runs on Windows Server 2022 with Python 3.12. Browse the source, read the docs, or download the latest release.

Download Latest Release Read the Docs