Outbound-only. No inbound holes.
Every OPS4 connection starts from your side or from the OPS4 cloud — never inbound into your network. Here is exactly how the traffic flows.
How it works
OPS4 runs as a cloud instance. A lightweight agent on each server reaches out to OPS4 (heartbeat → commands → results). Traffic is always outbound over HTTPS, isolated per tenant with a key and an IP allowlist. OPS4 never opens a connection into your network.
OPS4 Cloud
Collects, evaluates thresholds, dashboards & alerting — isolated per tenant.
● Your own instanceFor SAP BTP and Microsoft Azure there is no agent. OPS4 itself connects outbound to the cloud APIs and pulls the state — subaccounts, app health, spend, resource health. Nothing runs in your tenant.
From install to insight in four steps
Install the agent
A single signed installer per platform. The agent registers itself and waits for approval.
Approve the host
You approve the new host in OPS4. It is bound to your tenant with a key and IP allowlist.
Checks auto-provision
OPS4 assigns all the right checks for the detected plugin — no manual linking.
Watch, alert, act
Live dashboards, threshold alerting over your chosen channels, and optional automation.
Built to pass the security review
OPS4 is designed so that opening it up to your network is never required.
No inbound ports
Agents only make outbound HTTPS calls. Nothing listens for OPS4 on your servers.
Key + IP allowlist
Every agent call is gated by a per-tenant key and an IP/CIDR allowlist, enforced server-side.
Read-only by default
Database and SAP monitoring use read-only users. Automation is opt-in and approval-gated.
Isolated per tenant
Each customer gets a separate cloud instance; cloud credentials are encrypted at rest.
Ready to see your landscape as it really runs?
OPS4 gives you your own cloud instance. Install the agent, approve the host and you monitor within minutes — without opening your firewall.