// product · managed thin-client fleet

Desktop infrastructure you can actually reason about.

Managed thin-client fleet for the enterprise LAN — one server, dozens of fully-customized endpoints, zero per-seat licensing.

Book a demoEmail ksairakesh@bunroo.in
24endpoints
21online
3alerts
tc-01
CPU
°C
tc-04
CPU
°C
tc-09
CPU
°C
edge-01
CPU
°C
tc-05
CPU
°C
tc-06
CPU
°C
edge-02
CPU
°C
tc-11
CPU
°C
tc-02
CPU
°C
Open any device, remote in
Watch the whole fleet's vitals
Update every endpoint, one click
Cloud storage, mounted on login
Every action, logged forever
01 / drill in

Open any device, remote in

Live metric history, violations and the command log — then VNC in, push a login, or force-clear a stuck session.

02 / monitor

Watch the whole fleet's vitals

Fleet-wide CPU, memory and temperature trends plus real-time server load — no Prometheus or Grafana to bolt on.

03 / push

Update every endpoint, one click

Signed OTA packages, auto-pulled by each client on heartbeat. Stragglers catch themselves up.

04 / storage

Cloud storage, mounted on login

Per-user NAS drives over an encrypted tunnel — assigned in the console, auto-connected at sign-in.

05 / trust

Every action, logged forever

An immutable trail — actor, target, timestamp — for every change across the fleet.

100% custom fleet image
200+ concurrent sessions
~22s endpoint cold boot
0 per-seat licenses
// complete customization

Completely yours, top to bottom.

// os image

Custom fleet image

Your apps, branding and desktop baked into one signed image, flashed to every endpoint.

// browser

Hardened, filtered browser

Kiosk-locked, ad-blocked at DNS, content-filtered through the proxy, sandboxed.

// app policy

Approved apps per role

AppArmor-confined app sets — each role gets exactly what it needs, nothing else.

// branding

Login, splash & wallpaper

Push branded login, boot splash and wallpaper to the whole fleet in one click.

// scripts

Push anything, anywhere

Run any script or install on one, many, or all endpoints from the library.

// modes

Thin, fat, or hybrid

Centralized, local, or mixed desktops — one console manages every mode.

// one console, every screen

The whole control room.

PiDesk Clients
ClientsFull endpoint inventory & actions
PiDesk Analytics
AnalyticsClient mix & 30-day trends
PiDesk Alerts
AlertsThreshold & security alerts, triaged
PiDesk Violations
ViolationsWatchdog catches unapproved processes
PiDesk Scripts
ScriptsAuthor once, run fleet-wide
PiDesk Users
UsersDirectory-backed, per-device binding
PiDesk Printers
PrintersCentral CUPS management
PiDesk Packages
PackagesUpload a .deb, install everywhere
PiDesk Monitoring
MonitoringTelegram alerting, anti-spam
PiDesk Firewall
FirewallDeclarative nftables rules
PiDesk Wallpaper
WallpaperBrand every desktop centrally
// security posture

Published controls. No security-through-obscurity.

// credentials

Argon2id · AES-256-GCM

Storage configs encrypted at rest. Passwords salted SHA-512. Admin tokens with rotation.

// network

Default-drop firewall

nftables on server and clients. /32 routes so tunnels never carry non-target traffic.

// endpoint

AppArmor lockdown

Kiosk users non-login, no-home, confined. Browser in a sandboxed wrapper.

// identity

FreeIPA + device binding

Centralized users. Per-user allowlists. Cloned images rejected on unapproved hardware.

// session

No leaked state

Session save/restore disabled, polkit authorizes only active local sessions, force-clear wipes processes, locks and caches between users.

// secrets

Secrets handled clean

Mount credentials written only during mount, then securely overwritten and unlinked. A torn-down tunnel leaves no mounted trace.

// see it live

Ready to see it running?

20-minute demo — I'll screen-share a live fleet and walk the console.

Book a demoEmail ksairakesh@bunroo.in