Hosting / Infrastructure | ~500–1,000 VPS/year, enterprise VDI cluster | Infrastructure Automation / Full-stack / DevOps

From 2 hours to zero: fully automated VPS provisioning on an enterprise VDI cluster

The challenge

Every new VPS required roughly two hours of technical work: VM creation, Active Directory user binding, VDI portal login, software installation, license injection, local configuration, and manual registration in both an Excel spreadsheet and a CRM. An earlier PowerShell optimization had brought this down to 30 minutes per VM, but the model was still manual and brittle. At 500–1,000 VPS per year, the structural failures became unavoidable: the Excel inventory drifted from the real cluster state, CRM updates were missed or delayed, and licenses weren't reclaimed on dismissal — they just accumulated as waste. This wasn't a speed problem. It was an architecture problem.

The solution

I built an orchestration platform that covers the full VPS lifecycle — from initial request to final dismissal — with zero operator intervention in the standard flow. The system selects a VM from a pre-created pool, handles AD user binding, applies hardware configuration overrides (CPU, RAM, language), logs into the VDI portal, completes software installations, and injects licenses — including those that require GUI automation because they expose no API. Every lifecycle event is recorded in the CRM via bidirectional webhooks. A React dashboard lets non-technical staff monitor cluster state, run bulk dismissals, reconcile inventory against the CRM, and manage the domain without direct system access. The platform also includes a controlled Windows update rollout manager and an automated SSL wildcard certificate lifecycle manager.

Results

  • ⏱️ Operator time per VPS: from 2 hours to zero
  • 💶 Estimated savings: €15,000–40,000/year
  • 🔑 100% of licenses reclaimed on dismissal
  • 📊 Inventory, CRM, and cluster always in sync
  • 🖥️ Dashboard operable by non-technical staff
  • 🔒 SSL wildcard certificates renewed automatically

Technical stack

  • Python / FastAPI
  • MongoDB
  • PowerShell
  • pywinauto
  • React (TypeScript)
  • n8n
  • Active Directory
  • Let's Encrypt / DNS-01
  • Telegram

The problem that scripts alone can’t fix

Automating a single VM with PowerShell is a workaround, not an architecture. The real issue was that every lifecycle event — creation, dismissal, CPU/RAM change, software profile update — had to be manually replicated across at least three systems: the VDI cluster, an Excel inventory, and a CRM. One missed step meant stale data, licenses attached to decommissioned VMs, and orphaned Active Directory users. At 500–1,000 VPS per year, that inconsistency wasn’t an edge case — it was the baseline operating condition.

Zero-touch from request to dismissal

The standard provisioning flow requires no human intervention at any point. The platform receives the request, selects a VM from the pre-created pool, executes AD user binding with lazy assignment, applies hardware configuration (CPU, RAM, language), logs into the VDI portal, runs software installations, and injects licenses — including those that require GUI automation because they don’t expose an API. Everything is logged: every operation, every timestamp, every state transition. Dismissals are idempotent and automatically return licenses to the pool.

The dashboard as an operational force-multiplier

Before automation, any cluster intervention required a sysadmin. Now the operations team — without specialized technical skills — can trigger bulk dismissals, check cluster state, reconcile discrepancies between inventory, CRM, and physical nodes, and inspect the full job timeline. The technical team uses the same interfaces for more advanced operations: domain management, worker monitoring, license pool control. One system, role-differentiated access.
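The reconciliation described above, sketched as an added example (not the platform's own code): a three-way comparison of cluster, CRM, and license pool that surfaces the drift named earlier, including licenses left on unassigned VMs and orphaned Active Directory users. The `Snapshot` fields, finding names, and sample data are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Point-in-time view of the systems (all field names are assumptions)."""
    cluster_vms: dict[str, str | None]  # vm_id -> bound AD user, None = unassigned pool VM
    crm_active: dict[str, str]          # vm_id -> AD user on the active CRM record
    licenses: dict[str, str]            # license_key -> vm_id it is attached to
    ad_users: set[str]                  # enabled accounts in the VPS organizational unit


def _norm(user: str) -> str:
    # AD account names compare case-insensitively
    return user.strip().lower()


def reconcile(s: Snapshot) -> dict[str, list[str]]:
    """Return drift findings; every list is empty when the systems agree."""
    assigned = {vm: _norm(u) for vm, u in s.cluster_vms.items() if u}
    crm = {vm: _norm(u) for vm, u in s.crm_active.items()}
    in_use = set(assigned.values())
    return {
        "vm_without_crm_record": sorted(assigned.keys() - crm.keys()),
        "crm_record_without_vm": sorted(crm.keys() - assigned.keys()),
        "user_mismatch": sorted(
            vm for vm in assigned.keys() & crm.keys() if assigned[vm] != crm[vm]
        ),
        # A license on a VM with no bound user was never returned to the pool
        "license_on_unassigned_vm": sorted(
            key for key, vm in s.licenses.items() if vm not in assigned
        ),
        # Enabled accounts that no assigned VM references any more
        "orphaned_ad_user": sorted({_norm(u) for u in s.ad_users} - in_use),
    }


# Constructed sample data, not taken from any real cluster
SAMPLE = Snapshot(
    cluster_vms={"vps-001": "Alice", "vps-002": "bob", "vps-003": None, "vps-005": "erin"},
    crm_active={"vps-001": "alice", "vps-002": "carol", "vps-004": "dave"},
    licenses={"LIC-A": "vps-001", "LIC-B": "vps-003", "LIC-C": "vps-004"},
    ad_users={"alice", "bob", "dave", "erin"},
)

if __name__ == "__main__":
    for finding, items in reconcile(SAMPLE).items():
        print(f"{finding}: {items}")
```
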

Planned and traceable domain maintenance

Two supporting components round out the platform. The update manager handles Windows update rollouts across domain controllers, RDS servers, and critical machines — with planned maintenance windows per group, post-update verification, and automated reboot management. The certificate manager automates the SSL wildcard lifecycle via Let’s Encrypt with DNS-01 validation: automatic renewal, deployment to RDS gateways, and Telegram notifications for upcoming expirations. Both components report to a segmented Telegram channel organized by event type.
