For MSSP partners and multi-business-unit enterprise security teams: the Celvex Central Operations Console is the unified pane of glass over every tenant, every region, every Proof Capsule. Manage subsidiaries, clients, or business units from one place, with per-tenant regional data residency (Canada, US, EU, APAC, or your own VPC), partner-branded delivery powered by Celvex, and the same verifiable proof your engineers already trust.
The pain we're naming
MSSP partners running validation for a dozen clients. Enterprise security teams covering five subsidiaries across three regions. M&A integration leads onboarding a newly-acquired entity into the parent's security posture. Today, all of these mean juggling multiple deployments, conflicting reports, fragmented dashboards, and customer-by-customer engagement reviews. The work is real; the tooling is glue.
Central Operations Console replaces the glue. Every tenant in one place, every Proof Capsule discoverable across the library, every report shaped for its audience and delivered under your firm as the security partner of record, without losing the per-tenant data isolation or regional residency (Canada, US, EU, APAC) that compliance requires.
What it does M3 deliverable, in design with founding-partner input
Add a tenant, assign a scope, deploy. Every tenant gets its own scan cadence, its own asset inventory, its own dashboard. The console operator can switch context between tenants without re-authenticating, and without crossing data boundaries.
Per-tenant reports tell each customer or business unit their story. Cross-tenant reports give you the operator-level view: which tenants have the most active findings, which detection coverage is weakest across the portfolio, which capsules apply across multiple environments.
A capsule produced for tenant A is searchable across the library: signed and isolated, but discoverable when the same finding class shows up in tenant B's environment. Pattern-recognition across the customer portfolio, without breaking tenant-level data residency (Canada, US, EU, APAC, or own VPC).
For MSSPs: you are the security partner of record, powered by Celvex. Deliver per-tenant reports under your firm's account, voice, and customer portal, carrying signed Celvex Proof Capsules your clients can independently verify. Your relationship, your delivery, backed by a named, verifiable engine your customers can trust.
Three default tiers: Analyst (operate within tenant scope), Partner Admin (manage tenants, configure per-tenant delivery and residency), Customer Viewer (read-only access to the customer's own tenant). Custom roles available for enterprise engagements.
Deploy in your customer's network, in your own VPC, or in our managed cloud in the customer's region (Canada, US, EU, APAC), all on the same console with the same Proof Capsule format. Edge nodes preserve customer data residency while reporting verifiable findings to the central console.
For MSSPs
You own the relationship and the delivery; Celvex is the named, verifiable engine behind it. Per-tenant pricing. Channel economics that respect partner margins. The Proof Capsule becomes part of your delivery, signed by Celvex so your clients can independently verify it, sold and supported by you. The Console is what makes that scale, for both your operators and your sales motion.
For Enterprises
Whether you're running security across five subsidiaries on three continents, or onboarding a freshly-acquired entity into the parent's security posture, the Console lets each unit operate inside its own scope while the corporate function gets the cross-tenant view it needs for regulatory reporting and board-level summary. M&A integration drops from quarters to weeks.
Common questions
The architecture targets 500+ tenants per Console deployment in M3. Founding partners run with 10 to 50 tenants today on the early-access build. Beyond 500, federated deployments share the Proof Capsule library while retaining per-region console isolation, the right answer for global MSSPs.
Three options: customer network (the edge node lives inside your customer's environment, communicates outbound only to the Console over a signed channel), partner VPC (the edge lives in your own AWS / Azure / GCP VPC, isolated per tenant), or Celvex managed (we operate the edge node in our regional infrastructure on the customer's behalf). All three produce the same Proof Capsule format.
Per-tenant encrypted storage with separate key-management envelopes. Cross-tenant queries are explicitly opt-in by both the operator and the affected tenant; the unified library is metadata-discoverable but content-isolated until both sides agree. Regional residency is enforced at the storage layer: a Canadian tenant's capsules stay in Canada, an EU tenant's never cross to US storage, and the audit log proves it (PIPEDA, GDPR, and CCPA aligned).
You control the wrapper: your firm's name and palette on the report, voice (formal / direct / technical), and a customer portal on your own subdomain. Each report carries a signed Celvex Proof Capsule your clients can independently verify, so you deliver the relationship while the underlying proof stays Celvex-signed and credible. We don't white-label: Celvex is the named, verifiable engine your customers can trust, and you're the partner of record who delivers it.
Per-tenant configurable. Daily executive summary, weekly per-finding digest, monthly trend, quarterly executive review. Cross-tenant rolls up at any of those cadences. Custom cadences available for tenants with specific compliance reporting windows.
Out of the gate: Splunk, Microsoft Sentinel, Elastic, Crowdstrike, SentinelOne, Jira, Linear, GitHub Issues, ServiceNow, PagerDuty, Slack. Per-tenant routing means a Splunk integration on tenant A doesn't bleed events into tenant B's SIEM. Custom integrations available via webhook or signed-event API.
A note on roadmap honesty
The Console as described above is targeted for M3 (Q4 2026) and is being built right now with founding-partner input. Multi-tenant management, partner-of-record delivery, and edge-node deployment are in active development; some are in early-access with founding partners; some are still being designed against partner feedback. We'd rather mark roadmap honestly than over-claim. If you want to shape what ships, the partner waitlist is the way.
CELVEX Group