Core Concepts
Understanding these concepts will help you navigate the platform effectively.
Tenant
Section titled “Tenant”A tenant is an isolated instance of the Monozu platform. Each customer or organization gets their own tenant with fully separated data. Tenants are identified by their account name (e.g. acme-industries).
A site represents a physical or logical location — a factory, data center, or office. Sites are the top-level grouping for assets, Monozu edge appliances, and network diagrams.
Network Zone
Section titled “Network Zone”Zones represent network segments within a site, typically modeled after the Purdue Reference Model. Assets are assigned to zones to reflect their actual network placement and criticality.
An asset is any managed device or system — a PLC, SCADA server, switch, workstation, or cloud service. Assets are the central object in Monozu; almost everything links back to them.
Edge appliance
Section titled “Edge appliance”A Monozu edge appliance (EdgeZu) is on-premises hardware supplied by Monozu at your site. It links your VLANs to Monozu Cloud (discovery, VPN, optional backup and security).
- What it does: Edge Appliance Overview
- Connect, SSH, and register: Connect & Register
- Keys in the cloud: Edge Registration Keys
- Firewall: Network & Connectivity
VPN Gateway
Section titled “VPN Gateway”A VPN gateway is an edge appliance at a site that provides remote access through the Monozu VPN Hub. Users connect from the cloud UI; no inbound firewall rules are required at your site for the appliance itself.
Access Policy
Section titled “Access Policy”An access policy defines which users or groups can reach which assets through a VPN gateway, including time windows and optional change request requirements.
Problem
Section titled “Problem”A problem is the underlying cause behind one or more incidents. Use problem records when you need structured root-cause analysis beyond a single incident ticket.
Service request
Section titled “Service request”A service request is a user-facing order from the service catalog (access, equipment, information). It follows fulfillment workflows separate from incidents.
Post-incident review
Section titled “Post-incident review”A post-incident review (PIR) documents lessons learned, timeline, and action items after a major incident.
Release
Section titled “Release”A release bundles multiple changes for coordinated deployment and communication.
Knowledge & diagrams
Section titled “Knowledge & diagrams”The knowledge base stores Markdown runbooks. Network diagrams provide visual topology per site, linked to assets and zones.
Maintenance window
Section titled “Maintenance window”A maintenance window schedules planned work and notifies stakeholders; it often links to changes and releases.
Security alert
Section titled “Security alert”A security alert is an event in the SOC inbox (integrations, edge, or manual). Alerts can escalate to incidents and MITRE tagging.
Role-Based Access Control governs what each user can see and do. Permissions are assigned at the group level. See Groups & Roles and the Permissions Reference for the full permission catalog.