DATAROSS Start an assessment

Infrastructure you own. Compliance you can prove.

When your VMware renewal tripled, when an audit asks for evidence you don't have, when a vendor charges per device for tools that should be free — those are solvable problems. Open-source foundations. Documented outcomes. Nothing on this page you can't check.

The infrastructure behind this site is self-hosted and monitored — live status, right now →

VMware exit estimator

2026 Broadcom list · editable to your quote
$
$
Actual cores
16
Billed cores
72
Phantom tax
+56
Broadcom's 72-core order minimum bills you for 56 cores you don't physically have — the smaller your servers, the larger this tax.
VMware subscription / yr
$9,720
72 billed cores × $135
Open-source / yr
$2,200
$0 license · optional support
$7,520 First-year savings on this configuration
— and you own the platform outright.
Estimate only. Broadcom no longer publishes public pricing — figures use 2026 VVF list ($135/core) and the 16-core-per-socket / 72-core-order minimums. Enter your actual reseller quote for exact numbers. Open-source side assumes Proxmox VE (license $0) with an optional support subscription. Get an exact figure for your estate →
Why this is happening

You used to buy your software. Now you rent it — at a steep markup.

When Broadcom acquired VMware, perpetual licenses ended and everything became a subscription. For small estates the math is brutal — not because of the per-core rate, but because of the floor underneath it.

Perpetual licenses were eliminated in 2024; the model is subscription-only, billed per physical core instead of per CPU. Then the floor moved. A 16-core-per-socket minimum was followed by a 72-core minimum on new orders — so a single small server is billed for 72 cores whether it has them or not.

The pattern isn't unique to VMware. It's the playbook: acquire, consolidate into bundles, raise the floor, penalize late renewals. Your infrastructure shouldn't be a hostage to someone else's quarterly targets.

The exit isn't theoretical. The same workloads run on open-source platforms with equivalent capability — and the licensing leverage disappears, because there's no license to hold over you.

Pricing and minimums per independent 2026 Broadcom licensing analyses. Verify your own figures with a reseller quote — or model them above.

72 cores
Minimum billable order since April 2025 — regardless of actual core count
Subscription
Perpetual licenses ended 2024 — you no longer own what you pay for
+20%
Late-renewal penalty, applied retroactively, no grace period
350–450%
Cost increase reported by small businesses under the new model
Documented outcomes

Real numbers from real projects.

Not estimates, not marketing. Measured results with before-and-after evidence — the kind that survives a follow-up question.
Infrastructure · Scientific research firm

60+ VMs off VMware to Proxmox. Zero downtime.

After Broadcom's acquisition tripled their renewal, every virtual machine was migrated to an open-source hypervisor with equivalent capability. Production never went offline.

60%+
Annual licensing cut
0 min
Downtime
Security · Defense contractor

Insider incident: contained, preserved, restored — 48 hours.

An insider threat was identified and contained. Forensic evidence was preserved with full chain-of-custody for legal proceedings, affected systems were remediated, and monitoring was put in place to prevent recurrence.

48 hrs
To full remediation
Intact
Chain of custody
Infrastructure · 1,000+ device enterprise

Network rebuilt for 300+ users. Zero unplanned outages since.

A 100GbE backbone with proper security segmentation and built-in redundancy — designed to fail gracefully, so when hardware breaks, the network routes around it.

1,000+
Devices supported
0
Unplanned outages
AI integration · Technology company

Hybrid inference: local for routine, cloud for complex.

Data stays on owned hardware. Routine tasks run locally on GPUs; complex work escalates to cloud APIs only when needed. Cost drops, privacy improves, capability holds.

70–80%
Inference cost cut
6–12 mo
Hardware payback
How engagements run

The same disciplined sequence, every time.

No guessing, no assumptions. The process is identical whether you run ten servers or a thousand — and every phase produces evidence.

Reconnaissance

Before anything changes, your environment is mapped on the wire — every config, every firmware version, every gap. Missing data gets a script written to find it. Nothing is assumed.

Assessment

Every finding carries a confidence score. Where compliance applies — CMMC, NIST, FIPS — each control maps to evidence pulled from your actual systems.

Phased execution

Changes ship in phases with a rollback path at each step. One thing changes, gets verified, then the next. Every action is logged: who, what, when, where, why, how.

Verification & handoff

You receive complete documentation of what changed and why — the actual commands, configs, and before/after state. Anyone you hand it to picks up exactly where it left off.

Open-source foundation

Tools you can inspect, modify, and take with you.

No lock-in, no surprise licensing letters. Everything documented. Full catalog of 210+ tools →
Proxmox VE logo
Proxmox VEVirtualization
CephStorage cluster
WireGuard logo
WireGuardMesh VPN
Wazuh logo
WazuhSIEM / XDR
Graylog logo
GraylogLog management
UptimeKuma logo
UptimeKumaMonitoring
Tactical RMM logo
Tactical RMMRemote mgmt
UrBackupBackup / DR
iptables logo
iptablesFirewalling
Let's Encrypt logo
Let's EncryptSSL · auto-renew
Fail2ban logo
Fail2banIntrusion defense
Pi-hole logo
Pi-holeDNS
Operational infrastructure

Not a pitch. What's running right now.

Every line below is live automation against production infrastructure. The controls map to real standards, and the status is independently checkable.
75
Managed nodes
99.9%
Mesh uptime
24/7
Monitoring
L2
CMMC alignment
Platform & frameworks
CMMCNIST 800-171 ProxmoxCloudflare DigitalOceanWireGuard Microsoft 365Microsoft 365
Encrypted mesh VPNoperational today
75 WireGuard peers on a 25-second keepalive across Proxmox clusters, cloud instances, and edge devices. Every node verified within 30 seconds.
SC.L2-3.13.1
SC.L2-3.13.2
Idempotent hardeningoperational today
One re-runnable script: SSH lockdown, fail2ban, sysctl tuning, audit logging, VPN enrollment, monitoring registration. Safe on every server.
CM.L2-3.4.3
SI.L2-3.14.1
Centralized monitoringoperational today
UptimeKuma, Graylog SIEM, Wazuh XDR, LibreNMS. Alert routing to Discord, Teams, and SMTP from a single admin dashboard.
SI.L2-3.14.6
AU.L2-3.3.1
CMMC evidence collectionin development
Continuous scanning of all 110 NIST 800-171 controls with auto-generated POA&M. Per-engagement today; full automation in progress.
AC · AU · CM · IA

Control references follow NIST SP 800-171 Rev 2, formatted Family.Level-Section. These are implemented controls, not aspirational checkboxes.

Engagement models

Three ways to work together. All open-source. No lock-in.

Every engagement opens with reconnaissance — a complete picture before anything changes. Pricing is scoped to your environment, never inflated by device count. The assessment fee applies toward any ongoing engagement.
One-time

Assessment

From $2,500
Scoped to environment size

Know exactly where you stand. Full reconnaissance with confidence-scored findings.

  • Reconnaissance
  • Infrastructure mapping — every host, config, firmware
  • Security gap analysis with confidence scores
  • Compliance posture (CMMC, NIST, HIPAA)
  • Lock-in assessment & migration paths
  • You receive
  • Executive summary + technical detail
  • Prioritized remediation roadmap
  • Cost comparison: current vs. open-source

No changes made. Intelligence only — you decide what happens next.

Most common Monthly

Managed Infrastructure

From $2,500 /mo
Scoped to node count + complexity

Your infrastructure runs on open-source tools you own. I manage, monitor, and keep it hardened.

  • Everything in Assessment, plus
  • 24/7 monitoring — UptimeKuma, Graylog, Wazuh
  • Encrypted mesh VPN (WireGuard)
  • Patch & vulnerability management
  • Backup verification & disaster recovery
  • Firewall management (iptables)
  • DNS, SSL lifecycle, incident response
  • You receive
  • Live admin dashboard — your services, one pane
  • Monthly reporting with full audit trail
  • Quarterly business review

You own every tool, config, and credential. Leave any time and take it all with you.

Monthly

Compliance + Security

From $5,000 /mo
Scoped to framework + environment

Full management with continuous CMMC / NIST compliance — for organizations pursuing or holding certification.

  • Everything in Managed, plus
  • CMMC Level 2 mapping — all 110 NIST 800-171 controls
  • Continuous compliance monitoring by family
  • POA&M generation & tracking
  • System Security Plan (SSP) development
  • SIEM tuning & log-retention compliance
  • IR plan & tabletop exercises
  • vCTO advisory — 4 hrs / month
  • You receive
  • CMMC evidence packages per domain
  • Pre-audit readiness reviews
  • Auditor-ready change documentation

Built for defense contractors, government subs, and regulated industries.

All pricing is scoped after reconnaissance — you'll know exactly what you're paying for and why. Project work (VMware migrations, network redesigns, SIEM builds, DR planning) is quoted per engagement.

The operator

One engineer, augmented — not an org chart you pay for.

Zachary Ross

Zachary Ross

Frederick, MD · Remote & DC-metro on-site

Fortune 500 to defense contractors to small businesses — I've built infrastructure at every scale, and watched vendors extract maximum margin from each one.

DATAROSS isn't a traditional MSP. No sales team, no account managers, no overhead to pass along in your invoice.

Since 2009
Building, breaking, and rebuilding infrastructure
Full professional record → zachross.info

AI-augmented operations

How one engineer covers every CMMC domain across 75 nodes

Routine operational work — control checks, log triage, health verification, change logging — runs through a private fleet of AI agents, each scoped to one compliance domain and executing against the live mesh with authenticated, audited access.

The AI doesn't replace the judgment. It multiplies the reach — so a single accountable engineer can run an operation that would otherwise need a team.

ArchitectureSecurityAudit / logging MonitoringAutomationIncident response ConfigurationIdentityBackup / DR
The agent roster (named framework)
SOLOMON · architecture  |  NEHEMIAH · firewalls  |  DANIEL · audit  |  SAMUEL · uptime  |  BEZALEL · automation  |  GIDEON · incident response  — and twelve more governing configuration, identity, DNS, patching, certificates, risk, training, comms, capacity, media, and disaster recovery.

Give freely

What you receive freely, give freely. Technology should serve people, not manufacture dependency.

Matthew 10:8

Honest counsel

Sometimes the right answer is "change nothing." You'll hear what you need to, not what closes a deal.

Proverbs 27:6

Invisible when it works

Good infrastructure disappears. You focus on your work; the complexity is carried for you.

Galatians 6:2

Your interests first

Recommendations serve your outcome, even when that means less revenue. Trust outlasts any transaction.

Philippians 2:3-4
Contact

You already know if this applies to you.

Direct line

✉  [email protected] ☍  LinkedIn ⌥  GitHub Frederick, MD · remote, or on-site within the DC metro

Self-hosted & verifiable

Encrypted mesh, no third-party dependencies, full sovereignty. Every claim on this page is checkable — start with the live status page.

E2E
Encrypted
24/7
Monitored
Public
Status page
Open live status →
v3 · Jun 2026 · Dark