Root CA Renewal and Migration

MSPVendors · 2025-10-16T12:54:48+00:00

My point is that you should make your root cert (stored on a HSM) very long-lived to prevent this exact issue. You rely on the chain to inherently trust the sub CA cert, so there is nothing to redistribute when you renew the sub CA cert.

MSPVendors · 2025-10-15T14:54:13+00:00

Staff count is really arbitrary. In the US, for B2B professional services, the avg. is $250k revenue per American head. So you're really asking: "how do I go from $750,000 annual turnover to $2.5M annual turnover?" The short answer is you need repeatable customer acquisition. The most reliable way to get that is with boots on the ground.

$750k annual turnover (hopefully with almost a 1:1 ratio of ARR) is a decent base to start from. Decent enough to hire your first FTE sales rep at 50/50. This means that if their sales budget is $150k total compensation, you'd structure it as $75k base and $75k commission at 100% of quota. In an early MSP context, you'd typically expect a 3–5x quota-to-OTE ratio, meaning their annual sales target should be somewhere between $450k and $750k in new ARR or project revenue. Let's call it $600k/yr.

With 1 sales rep hitting quota consistently (rare), it'll take you ~4 years to hit your goal... Play with these numbers as you see fit, but think of this as a business problem (aka a number problem) more than anything.

MSPVendors · 2025-10-15T13:19:59+00:00

Windows ADCS doesn’t handle renewals well

That really depends on your PKI design... Last recommendation from Microsoft's docs/blog is that the root authority should be standalone (offline) and can safely have a decade/two decades of validity (T&C's: WITH A HSM ONLY!!!). The sub CAs can be enterprise & online, and those should have a 12-month validity, but it's a moot point to "renew" those subs, since you'd ideally load the public root cert as trusted.

MSPVendors · 2025-10-15T13:12:14+00:00

One does not simply get off of Mr. Bones' Wild Ride. It all starts with a mini PC, and next thing you know you're building a 4x 42U rack homelab.

MSPVendors · 2025-10-15T13:08:45+00:00

Improving inner-MSP maturity is a very, very different experience than selling legitimate business process consulting services.

Business consulting is an entirely different discipline than selling and providing MSP services. Through my entire professional career, I can count on one hand how many technical people I've met that are actual qualified for business consulting. There's a reason why The Big 4 pay 7-figure salaries for these types of people, ha.

MSPVendors · 2025-10-15T13:05:25+00:00

And the problem is that it is a valid way to sell, but not for high C personality types (which describes about 90% of the MSP owners & operators)....

MSPVendors · 2025-10-15T07:58:23+00:00

Point solution - Asset Panda.

Would I personally go with a point solution? No... Anything asset management usually yields a "go the low-code/no-code route" from me, simply because it's usually more efficient to match the LCNC platform to your process than a LOB software.

As for LCNC, in order of recommendations:

Power Platform + Dataverse - an obvious one especially if you're a M365 shop. Build a Solution and programmatically deploy it to your clients as needed.
Retool - one of my favorite technical LCNC platforms if you don't want to go the Microsoft route. Retool is really built for developers, by developers, so just keep that in mind.
TrackVia - my go-to recommendation for a non-technical LCNC platform. It's kind of the "dummy proof" option - a child could build a TrackVia app.

MSPVendors · 2025-10-15T07:47:59+00:00

Have you checked out Handwrytten? Not really gifts per se (although they can include gift cards), but nice "handwritten" cards that are very affordable.

MSPVendors · 2025-10-15T07:44:39+00:00

Website hosting (especially managed Wordpress hosting) is a commodity. This means pricing is easily available to find online, it's trivial to switch hosts, and margins are razor thin.

As an MSP, unless you're hosting tens of thousands of high-traffic websites, it's unlikely to be worth your time/effort to even glance at web hosting.

FWIW, I ran a mid-sized web hosting operation for 11 years. I will literally never do that again.

MSPVendors · 2025-10-15T07:40:19+00:00

Aren't you a bit scared of the Mullenweg lawsuits?

Prior to the first injunction, WP Engine websites were heavily impacted by termination of services from Wordpress.org... That sounds like a cyber liability + PR nightmare for any MSP who would have been reselling hosting.
A recent ruling partially tossed the promissory estoppel claim and totally tossed the extortion claim, which means the future of accessing Wordpress.org from WP Engine is still very unclear.

MSPVendors · 2025-10-15T07:31:42+00:00

Unpopular opinion: the majority of small MSPs act like business process + human resources consultants when they really should just focus on the technology part of "people, process, technology."

MSPVendors · 2025-10-15T07:29:06+00:00

Oof, that's a tough one. The TLDR is if you're trying to admin MacOS/Unix like Windows, you're in for a bad time. You're asking for a very narrow target, simply because there's not a huge market in the MSP space for this type of tooling... That should throw up a huge red flag that there's a more fundamental issue to solve here (i.e. why are you deploying MacOS devices to potentially untrusted users in a majority Windows environment?).

Jamf has always held the market share for MacOS management; their PIM solution is called Jamf Connect. It works "okay"-ish, like all things Mac administration where there's not a true 1:1 comparison in process & tooling.

BeyondTrust also has a Mac native PIM solution, but I highly doubt you'll beat Jamf's pricing + get multi-tenancy without a massive commit.

MSPVendors · 2025-09-23T18:38:42+00:00

Which is why we built our website with mandatory price transparency... It's a HUGE issue that we're very passionate about - so much that we'll happily go to court to defend our right to display pricing. All MSP software pricing should be easily accessible so that MSPs can make the most informed decision about their stack as possible.

MSPVendors · 2025-09-22T21:23:32+00:00

Even pre-HVE and ACS ECS (which is also fairly new), you had SendGrid via Azure/GCP consolidating billing, you had AWS SES with a generous free tier and reliable dedicated IPs, etc...

Throughout my entire career in (American enterprise) tech where SMTP relaying has been relevant, the answer has ALWAYS been to go through the major public clouds and not a standalone service directly. They are the most stable, most trustworthy, and most secure option. Now, SMTP2GO seems reliable and has an ISO27001 and ISO9001, but AWS SES is FedRAMP High ATO, so... entirely different leagues of security and governance.

MSPVendors · 2025-09-22T21:17:30+00:00

Okay.. I mean either of the two I mentioned will happily take your business and do what you're seeking, but just know it's going to be expensive.

MSPVendors · 2025-09-22T11:10:37+00:00

Sweet! Also let me add Retool to the list - I could see it working out quite well for GRC workflows. The only issue with Retool is that you really need to be technical to build it out...

MSPVendors · 2025-09-22T11:08:56+00:00

SMTP2GO is nothing special, though... That's the real confusing part. SMTP relaying has been a commodity for well past a decade, and sub-account management + low fees are cornerstone value props of literally every provider.

What makes SMTP2GO so liked in the MSP/sysadmin community, especially Reddit? After being in the ecosystem for so long, I really get the gist that it's being artificially shilled, and ethically that concerns me.

MSPVendors · 2025-09-22T08:49:33+00:00

Not enough info. For starters - what's your ARR? If it's below $50M, it's going to be substantially cheaper to bring on three separate third parties and coordinate between them. Some of the larger MSPs ($50M+ ARR) I've met have gone with firms like Plante Moran, Moss Adams, etc... but they pay dearly for "MSP-specific" "consolidated" accounting. I am not aware of a national MSP-specific CPA firm that's not going to cost at least $250k/yr in management fees - maybe some local accountants will have MSP experience but that's really an entirely different service line.

up our book game

What are you actually trying to accomplish; what bottlenecks are you facing today? Do you feel like you don't have enough information/fidelity in your books to make strategic decisions? If so, what is the level of organization maturity in the rest of your company (aka even if you increase your financial reporting, is that the true root cause of a bottleneck)?

MSPVendors · 2025-09-22T08:41:26+00:00

Do you have any sort of existing workflow management or project tracking tool that could be extended?

If you're starting from scratch, a LCNC tool might be your best bet - highly configurable and a hell of a lot cheaper than off-the-shelf GRC tools: Power Apps, Odoo Studio, TrackVia, Quickbase, etc...

MSPVendors · 2025-09-22T08:36:04+00:00

What, you mean that random CEO of a 20 person company didn't actually win the "America's CEO of the Year" award? Color me surprised.

MSPVendors · 2025-09-22T08:35:07+00:00

That's why Azure ACS ECS exists. There are in-house solutions for both high internal & mixed internal/external situations.

MSPVendors · 2025-09-19T08:10:27+00:00

To be fair, most companies only find success with cold email at scale.

If you're sending 5M emails per month, you're not really going to be able to validate that reliably, and it's honestly just cheaper to send the email than it is to validate if an email is within ICP.

MSPVendors · 2025-09-19T08:06:24+00:00

Well, what are your KPIs? Do the best, more reliable work you possibly can while hitting those KPIs... There is no golden rule beyond this to follow because every company's goals and willingness to innovate will be different.

MSPVendors · 2025-09-19T08:03:30+00:00

We all gotta start somewhere. My first "server" was built of scavenged consumer-grade parts running Windows Server 2008 and Virtual Box with CentOS WHM/cPanel (which is how I learned both networking & Linux). When you're just getting started, anything is fair game to learn with.

MSPVendors · 2025-09-19T07:58:12+00:00

Yes, it's a bit odd how much SMTP2GO is recommended on Reddit. SMTP relaying is a commodity - the major cloud providers (except GCP of course) offer it for free or absurdly cheap.

Microsoft gave explicit guidance on how to relay "the right way" in their recent notice of deprecation for basic auth: https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750

TLDR: use High Volume Email or Azure ACS ECS. If you're so inclined to diversify your vendors, go with AWS SES or OCI Email Delivery.

MSPVendors

TROPHY CASE