Chapter 01
The MSP ran an RMM platform with a permanent agent on every managed endpoint. The same credential that opened a Tier-1 support session for one customer could reach every endpoint in every customer's environment.
Mid-market MSP · 18 customers · ~3,500 managed endpoints
One MSP RMM credential had line of sight to every customer endpoint, all day.
−96%
MSP RMM dwell time
18 of 18
Customers with hardware isolation
3 weeks
Average pilot-to-rollout time
What happened
Outcome.
Chapter 02
AGN1 units were deployed at each customer site on the MSP-managed admin path, with one AGN2 rack at the NOC for fleet management. The MSP's standard plan now includes the AGN1 unit as part of the monthly fee.
Chapter 03
The MSP's own incident response team became the biggest internal advocate: every drill that previously required manual VPN disconnects now happens through a hardware switch. The product team published a one-pager that customer-facing reps use to demo the audit log during quarterly business reviews.
Disclaimer · Composite case based on conversations with North American and European MSPs in 2024–2025. Specific numbers represent typical scope, not a single deployment.
See if your pattern matches
Most pilots look like one of these three.