Capabilities

Four domains. One engineering process.

PHXTEKS engages across four capability areas. Each is grounded in the same approach: explicit scope, options with trade-offs, careful execution, and documentation that survives the engagement.

01

Infrastructure

Designing and building the systems a small operation quietly depends on — networks, virtualization, storage, the wiring closet you've been afraid to look in.

What's in scope

  • VLAN-segmented networking — guest, POS, office, IoT traffic kept apart
  • Managed switching, structured cabling, server room layout
  • Virtualization platforms — Proxmox and VMware ESXi
  • File storage, print, and shared-system architecture
  • Wi-Fi planning and access-point placement for actual coverage
  • Hardware refresh and lifecycle planning — what to replace, when, why
Best for Small businesses, shops, labs, and offices that have outgrown consumer-grade gear and want infrastructure that someone qualified would actually sign off on.
Typical stack
Proxmox VMware ESXi Managed L2/L3 VLANs VPN SD-WAN Windows Server Ubuntu Server
Representative work
  • Multi-site network modernization across a manufacturing footprint
  • Hands-on deployment support for SD-WAN rollout across a multi-site manufacturing footprint
  • Server room buildouts — rack layout through structured cabling
02

Integration & Automation

Connecting the systems you already have. Replacing SaaS where it makes sense. Automating the work nobody should be doing manually a second time.

What's in scope

  • Centralized identity — SSO, MFA, lifecycle management, least-privilege access
  • Configuration-as-code baselines — Ansible playbooks for repeatable hardening
  • Self-hosted services where the math beats the SaaS subscription
  • System integrations — making line-of-business tools actually talk
  • Endpoint management — device enrollment, policy, telemetry
  • Scripting and process automation — the boring work that compounds
Best for Owners tired of stacking monthly subscriptions, teams whose identity is scattered across ten tools, anyone running the same manual task more than twice a month.
Typical stack
Authentik Entra ID Active Directory Ansible Tailscale Intune Microsoft 365
Representative work
  • Identity lifecycle migrations across mailbox and AD environments
  • Ansible-driven baseline hardening across a multi-host fleet
  • Self-hosted file storage replacing monthly cloud spend
03

Field & Edge

Deployments outside the office. Rural sites, satellite locations, industrial floors, field installations — places where uptime depends on the install being right the first time.

What's in scope

  • Site surveys — power, connectivity, environment, mounting
  • Network deployment for sites without dedicated IT staff
  • Low-touch monitoring with off-network failure modes considered
  • Remote access overlays — Tailscale, VPN, console fallback
  • Hand-off runbooks the on-site owner can actually use at 2 AM
  • Multi-site coordination — keeping deployments consistent across locations
Best for Remote properties, homesteads, satellite offices, workshops, small industrial sites — anywhere a service call costs a half-day of driving.
Typical stack
Tailscale Cellular failover SD-WAN UPS / power conditioning Remote console Monitoring agents
Representative work
  • Rural site brought online with monitored, low-touch infrastructure
  • Multi-site network standardization across U.S. manufacturing locations
  • Satellite-office network integration into HQ identity and routing
04

Operational Resilience

Backups, recovery, monitoring, access governance, change control — the boring work that decides whether a bad day is a five-minute recovery or a five-day outage.

What's in scope

  • Backup architecture — 3-2-1 posture with verified restore testing
  • Disaster recovery planning — RTO/RPO that matches the actual business
  • Monitoring with alerts that mean something — no noise floor
  • Access governance — least-privilege, periodic review, clean offboarding
  • Change control and audit documentation — usable for compliance, real or aspirational
  • Incident response readiness — runbook, isolation procedure, communication plan
Best for Operations where downtime has a real cost. Anyone preparing for an audit, post-incident, or just tired of being one ransomware email from a very bad week.
Typical stack
Acronis Veeam-class backup Monitoring (varied) Authentik SCCM Change-control workflow
Representative work
  • Enterprise backup infrastructure across multiple manufacturing sites
  • Access governance in a GMP-regulated pharmaceutical environment
  • Incident response SOP written during a live event and adopted forward
The Process

The same five steps, every engagement.

No forced subscriptions, no scope creep, no half-finished work. The handoff is part of the deliverable.

  1. Scope

    Define the objective. Identify constraints.

  2. Options

    Clear paths with honest trade-offs.

  3. Execute

    Do the work cleanly. No shortcuts.

  4. Document

    Record every change made.

  5. Close out

    Verify result. Hand off ownership.

Engagement Formats

How the work gets shaped.

Most engagements fit one of three shapes. The right one depends on the scope and the urgency, not the price.

Project

Defined scope, fixed outcome.

A network rebuild, a migration, a hardening pass, a site buildout. Quoted against a written scope, delivered with documentation.

Days to weeks
Assessment

Short evaluation before commitment.

For larger or unclear work — a focused review that produces options, risks, and a recommended path before any larger commitment.

A few hours to a day
Retainer

Ongoing relationship, capped scope.

Selective. For operations that need a known engineer reachable, but don't want an MSP relationship. Hours-banked, no subscription bloat.

Monthly · by referral

Existing client? Need a remote session?

The remote support setup guide and connection settings are kept separately so they're easy to share when a session is scheduled.

Remote Setup →

Got something that needs to hold up?

Request Engagement