Checkmk Raw 2.4 on Ubuntu 24.04 LTS

Open-source infrastructure monitoring without the SaaS bill. Checkmk Raw Edition 2.4 ships ~1,900 built-in plugins for servers, network gear, virtualization, cloud, databases, and applications — pre-installed on a hardened Ubuntu 24.04 LTS base. First-boot setup creates the monitoring site, opens the web UI, and generates a random admin password.

What you get

• First-boot site provisioning — omd create main runs automatically on first boot. cmkadmin password generated per-VM and written to /var/lib/checkmk-firstboot-admin-pw. No manual setup wizard.
• ~1,900 monitoring plugins included — Linux, Windows, VMware, Hyper-V, Kubernetes, AWS, Azure, MySQL, PostgreSQL, MSSQL, Oracle, nginx, HAProxy, Apache, Postfix, BIND, DNS, NTP, SNMP devices, SMART disk monitoring — the catalog covers nearly everything in a typical IT estate.
• Trusted Launch + Secure Boot on by default. vTPM attestation at deploy. Image-def is TrustedLaunchSupported — customer chooses TL or standard at deploy.
• Monthly security patches applied at build time — Ubuntu CVE fixes, Checkmk patches, Python 3.12 updates, Apache 2.4 rollups.
• 33 documented hardening traps applied at build — kernel boot params, sysctl knobs, SSH hardening, auditd, fail2ban defaults, locked-down apache config.
• Audit trail per release — every monthly image release is tagged in the build factory; you can roll back to a specific release if a Checkmk update breaks a custom plugin.

Who this is for

Platform engineering teams adopting open-source monitoring instead of paying Datadog per-host. Small and mid-market IT shops who can't justify SaaS observability spend on dev/test environments. Consultancies who deploy Checkmk repeatedly for clients. Compliance-driven shops that need full data sovereignty — no telemetry leaving your tenant.

Target industries & use cases

• MSPs — one Checkmk per client tenant, isolated by Azure VNet
• Financial services, healthcare (HIPAA data-residency), government, defense
• Manufacturing & OT — SNMP plugins cover industrial switches and PLCs
• Replace Datadog/New Relic on dev/test — keep paid SaaS for prod
• Air-gapped monitoring — no SaaS callback; data stays in your subscription

Why this VM instead of self-installing

Installing Checkmk is one apt repo and one omd create — but production-readying it isn't. Default Apache exposes ports you don't want exposed, the systemd unit needs tuning, and unattended first-boot admin handoff isn't documented. This image does that work monthly.

Recommended deployment

Minimum: Standard_D2as_v5 (2 vCPU, 8 GB RAM) for ≤ 50 monitored hosts. Recommended: Standard_D4as_v5 (4 vCPU, 16 GB RAM) with Premium SSD for 50-500 hosts. Storage: attach a separate data disk for /omd/sites/main/var so monthly image upgrades don't replace your historical RRD data.

Azure integration

Trusted Launch with Secure Boot and vTPM is on by default. The Azure Linux Agent is pre-installed. Checkmk's built-in Azure plugin can monitor your Azure resources via Managed Identity — no separate credential management. Azure Monitor coexists cleanly; no extension conflicts.

What's in each release & upgrade path

Checkmk Raw 2.4.0 (current stable, GPL v2) + ~1,900 plugins + Apache 2.4 + Python 3.12. Built monthly with rolling CVE patches. omd convert upgrades the Raw site to Enterprise (BYOL from Checkmk GmbH) when you need clustering or distributed monitoring.

Support & documentation

• Checkmk documentation
• Community forum
• DCA support

Checkmk Raw GPL v2. BYOC.