Everything you need to know before you choose Mirox

Very likely. Mirox supports a broad and continually growing range of devices, so you can check your hardware before committing. Supported families today include Bluelog dataloggers, SMA Sunny Central and Power Manager, Sungrow loggers, Huawei SmartLogger, Fronius inverters, Janitza power-quality meters, Phoenix Contact PLCs, Dexcon, Zebotec and FREQCON battery storage — among many others. If a device isn't on the list yet, our team adds support for it on request, so coverage keeps expanding.

We add support for it — promptly, on request, with no impact on your onboarding timeline. You carry on with the rest of your fleet while support for the new device is added, typically within days depending on complexity. Coverage also does not depend on formal vendor API documentation: Mirox can read data from a REST API, web interface, database, file or live data feed, so even older or less-documented equipment is fully supported.

Mirox uses dedicated, device-specific integrations rather than a generic protocol scraper, so your data arrives clean and correctly structured from day one. Each device is read over the interface it actually provides — a vendor HTTP/HTTPS API (most common), a live WebSocket, Microsoft SQL Server, S3/file access, or a time-series query interface for batteries. SNMP is supported for switches and routers in the network inspector, and every energy device has its own dedicated integration.

Mirox needs network access to your data sources — typically Ethernet or WiFi to the device IP, over the port its interface uses (for example TCP 80/443 for HTTP or WebSocket). For isolated OT networks, air-gapped systems or serial-only devices, a small data collector bridges the gap, such as a network-capable logger or a serial-to-Ethernet gateway. The agent itself only ever connects outward, so no inbound port is ever opened on your network.

No — Mirox is a software-first solution, and on-site hardware is not required. The agent is software that can roll out onto your existing on-site cluster or infrastructure, and a fully cloud-based option needs nothing installed at the plant at all. Dedicated hardware becomes relevant only in critical situations where preventing any data loss has the highest priority: there we can supply our own rugged edge gateways (mrxnodes), and on-site high availability is achieved by running more than three mrxnodes per site, so the loss of any single node never interrupts collection.

Yes — because the agent is software, it runs on your own compatible infrastructure: a Linux-based host with a container runtime, or an existing on-site cluster. In that model you stay responsible for keeping the microservices updated against the periodically-updated cloud (virtual-machine-only deployments are not supported). If you would rather not manage that, our optional mrxnode gateways come pre-configured, tested and automatically updated — and several of them give you high availability on site.

Yes. The agent can run on site or entirely in the Mirox cloud over a secure VPN tunnel, and you can switch between the two at any time without lock-in. Cloud-based needs no on-site hardware and is self-service to activate, but it depends on a stable VPN and internet link and cannot buffer locally or inspect the local network. On-site (software on your cluster, or an mrxnode) keeps collecting and buffering through internet outages and enables local network inspection.

No — loss detection works without an on-site irradiance sensor. The nightly analysis derives a reference-irradiance baseline from your plant's own best-producing strings, so full loss detection runs even on plants with no dedicated radiation sensor. That lowers the hardware bar to get started: you get the complete analytics picture without a pyranometer. Where a radiation sensor does exist, Mirox also monitors it and can flag a defective one as its own distinct event.

Your data stays under European jurisdiction with full GDPR compliance, and European data sovereignty is the platform’s primary design stance. Mirox runs across multiple independent European data-center regions at the same time, each running the complete stack, so operations continue through the failure of any single region. The platform is built on European, cloud-native open-source tooling with deliberate independence from non-European vendor lock-in, and its design aligns with European critical-infrastructure rules including KRITIS and the CER Directive for the energy sector.

No. Mirox maintains no vendor dependencies for hosting and is built as a European solution with deliberate architectural independence from vendor lock-in, so it does not depend on AWS, Google Cloud or Azure. During development it builds on proven open-source tools, primarily from the Cloud Native Computing Foundation (CNCF), and once deployed it operates independently with no mandatory reliance on external vendors. The full stack runs on Mirox-operated infrastructure across multiple independent European data-center regions, keeping your data under European jurisdiction and GDPR — a deliberate data-sovereignty position, not a marketing slogan.

Only a small set, each for a non-core capability and built to degrade gracefully: an AI/LLM provider configured per organization (the Mirox default, or your own OpenAI/Anthropic account), SEPA direct-debit payments, and EU VIES VAT-ID validation — if one is slow or down, the action is retried or shows a clear message rather than failing silently. Open-Meteo (weather) and Grafana (deep-dive dashboards) are integrated and provisioned automatically. The core monitoring storage, databases and messaging all run in-house.

Yes — beyond the standard multi-tenant SaaS, Mirox offers dedicated and self-hosted models for stricter data-control needs, available to enterprise customers. A Dedicated Cloud Instance gives complete infrastructure-level isolation with a custom SLA; a Hybrid model lets you host and control all data-storage endpoints while Mirox runs the application logic; and an On-Premise installation can run fully independently, even air-gapped. These options range from low-overhead SaaS to full self-hosted sovereignty and are arranged as part of an enterprise agreement.

Yes — the Hybrid deployment model, an enterprise option, lets you host and control all data-storage endpoints while Mirox runs the application logic. The application, APIs and processing run in Mirox's managed cloud, while the relational database, S3-compatible object storage and time-series database are hosted and managed by you, giving complete control over where your data physically lives. In that model you take responsibility for the durability of your own storage.

Operational data lives in a proven, purpose-built storage layer while the application services stay stateless and scale horizontally. Time-series metrics from inverters, meters and sensors sit in specialized time-series databases tuned for high-throughput writes and fast time-range queries; a relational database holds configuration and user data; object storage holds media and large datasets. In the managed cloud the relational core adds replication, high availability, backup and disaster recovery. With hybrid or on-premise deployments, storage durability is your responsibility.

Mirox's architecture is engineered to deliver 99.999% availability. That five-nines target comes from multiple independent European regions, multiple servers per region, automatic re-establishment of connections against another healthy server, and continuous supervision of the on-site agents — so there is no single point of failure. This is an engineered availability target rather than a contractual SLA on the standard plan; a Dedicated Cloud Instance on an enterprise contract can add formal SLA guarantees with custom availability commitments.

Your connection always attaches to a healthy entry point, and if one becomes unavailable it is re-established automatically against another healthy server, with no reconfiguration on your side. Because Mirox runs across multiple independent European data-center regions at the same time — each running the complete stack and served by multiple servers — there is no single point of failure, so losing one server or even a whole region does not take you offline. The platform is cloud-native and horizontally scalable with automatic failover, self-healing and load balancing, and the cross-region redundancy is built specifically for disaster recovery and business continuity.

No — on-site agents keep operating locally even when cloud connectivity is lost, continuing to collect and process data through the outage. The agent buffers data locally and delivers it once the connection returns, and missing periods are detected and rebuilt by backfill, so no data is lost. An mrxnode’s 512 GB SSD provides years of offline buffering headroom. This edge-and-cloud separation means local operations keep running through network interruptions without any manual intervention.

On-site agents are continuously supervised and auto-recovered without a site visit. An orchestration layer verifies each plant’s agent on a short cycle, and if it goes missing, stops responding, or its host fails, it is automatically restarted, redeployed or relocated to another healthy host. A safeguard ensures the same agent never runs in two places at once. This self-healing recovery means no truck rolls are needed to keep your plants reachable when something goes wrong at the edge.

Yes — the two-tier edge-and-cloud architecture scales each tier independently and removes single points of failure. Agents scale with the number of parks, while the cloud scales with data volume and user activity, so both halves grow with need. The cloud is horizontally scalable and cloud-native, with dynamic scaling, automatic failover, self-healing, load balancing and zero-downtime updates. Each edge Data Scraper runs 20+ concurrent adapters and sustains 10,000+ metrics per minute, so large fleets are well within reach.

Yes — Mirox's audit logging is explicitly designed to meet German KRITIS rules and the EU NIS2 directive for remote-access logging. A continuous, tamper-resistant audit trail captures every VPN session and every browser-proxy request per plant, recording who reached the network, when, which subnets and devices were touched, how much traffic moved, and which URLs and methods. The platform's design also tracks evolving European critical-infrastructure requirements, including KRITIS and the CER Directive for the energy sector.

No — your plant network never needs an open inbound port; the on-site agent only dials outward to the Mirox cloud. Nothing on the public internet can initiate a connection toward your plant network, and this holds for both VPN and browser-proxy access. The agent is the single, bounded point of entry, isolated to its own plant and never a path into another plant or organization. This removes the biggest attack-surface objection: there is no internet-facing port on your critical OT infrastructure.

Remote plant access uses a WireGuard VPN with modern cryptography: your private key is generated on your own device and is never stored by Mirox, which only ever sees your public key. A split tunnel routes only traffic for private plant networks through the VPN. For staff who shouldn't have a full network tunnel, a Browser Proxy gives VPN-free, agentless access to a device's web interface over a per-device HTTPS URL, with no IP route into the plant LAN. Opening any device through the Proxy requires active two-factor authentication, checked on every request.

Mirox uses role-based access control across three axes with least-privilege defaults: a platform-wide system role, an organization role, and per-resource job roles such as Operator, Technical Manager, Asset Manager and Viewer. Every request passes layered checks that must all agree, access is explicit rather than assumed, and permissions inherit down organization, portfolio and plant. This lets you separate technical from commercial responsibility and grant per-plant access without over-exposing your whole portfolio. The most powerful capability, a network-level VPN, is reserved for the Operator role only.

Yes — two-factor authentication via TOTP authenticator apps, requiring a current 6-digit code at login. Setup is QR-code based and only activates after you confirm a first code, so a misconfigured app can't lock you out, and you keep a single-use 8-character backup recovery code that auto-reissues. Email alerts fire on logins from a new device or location and on failed attempts, you can review every active session and sign out any other device, and opening any plant device through the Browser Proxy always requires active 2FA.

Audit records are retained for at least 730 days (24 months) by default, then auto-purged, and cannot be edited or deleted by users. Snapshot fields are write-once and stamped on first insert, and records survive user, plant, device and organization deletion via preserved snapshots — so forensic evidence stays available for the full mandated window even after personnel changes or a plant sale. The trail deliberately captures metadata only: never session content such as keystrokes, screen recordings or packet payloads.

No — platform-administrator access to a user account is restricted, logged, time-limited and visible. In rare support situations a Mirox admin may temporarily access an account, but only with a logged reason recorded in a dedicated audit trail, only against standard user accounts (never other admins), only for a short time that ends automatically, and with a visible banner shown while it is active. Inter-service traffic is also encrypted and authenticated through the platform’s own internal Certificate Authority, so internal communication is protected too.

Access is revoked within seconds of a permission change, with a background re-verification safety net. When a job is removed, organization membership changes, or a cooperation ends, the plant is removed from the person's reachable routes within seconds, and the underlying network path is torn down shortly after on the next reconciliation; the same change also withdraws Browser Proxy access. A periodic background check independently re-verifies every active profile against current permissions, so a single missed event can't leave access open. Deleting a user account stops remote access within seconds, while the compliance history is preserved for the legal retention period.

No — the AI cannot send commands to or operate any plant equipment. There is no tool to switch, reboot, restart, curtail, set a setpoint on, or otherwise control an inverter, PLC, network switch, router or datalogger. The AI's capability catalogue contains only read tools and propose-only draft tools — there is no field-device command tool anywhere in it. On top of that, the AI has no network connection to the plant site and cannot reach the local network, so it physically cannot actuate your OT hardware.

By default the AI runs on Mirox-operated infrastructure in Germany (EU), so your request data stays within the EU. It leaves the EU only if an administrator deliberately configures an external provider such as OpenAI or Anthropic. The default Mirox AI is included in your plan with no separate AI charge, and switching providers changes only where requests are processed, never which features you get — so you can keep AI fully EU-hosted without giving anything up.

No — the default Mirox AI is a fixed, off-the-shelf model that is never trained or fine-tuned on customer data. It does not learn from your plants, documents or conversations; the assistant gets better through deeper platform integration — new tools and cleaner data access — not by learning on your content. The AI also never sees keys, credentials or secrets, which are excluded from every AI capability. Your operational data never becomes training material.

No — every data change the AI prepares follows a propose-then-apply pattern, and nothing is written until a human explicitly approves it. Wizards stage proposals you accept or reject individually or all at once, and this holds for the in-platform assistant, wizards and external agents alike, so you remain the decision-maker. The AI also inherits exactly your own permissions and can never exceed them or reach another customer’s data. Only a few background helpers run automatically, and they only add non-destructive metadata such as document tags.

Yes — your organization can bring its own AI provider and API key, choosing OpenAI or Anthropic, configured centrally by an administrator who can optionally pin a specific model. Your provider key is stored encrypted and never exposed back to members, and the setting applies organization-wide. Note that with an external provider, request content goes to that provider under its own terms and Mirox makes no guarantees about its retention or use, and that provider's token usage is billed to you separately, on top of your Mirox plan.

Yes — every wizard run is saved with its full reasoning transcript, the actions it proposed, and your accept-or-reject decision on each one, and automated background AI flows run as reviewable wizards too, so there is no AI activity without a record. External AI agents connect through the Model Context Protocol under your own permissions; every tool call is attributed to you and audited like any other access, and the protocol never exposes secrets to the agent. You get full traceability of exactly what the AI proposed and what a human approved.

Yes — Mirox supports solar PV, wind turbines and battery storage (BESS), and you can group mixed technologies into a single portfolio. All three share one cloud platform, one agent, and one security and permission model, so a buyer with mixed solar, wind and battery assets manages the whole fleet in one place instead of juggling separate tools. Solar coverage spans rooftop, ground-mounted, single- and dual-axis tracking and floating systems, with string, central, micro and hybrid inverters all supported.

Solar plants get a per-plant digital twin that explains not just that a component underperformed but why — distinguishing a real outage, a degraded string, a stuck logger or a communication gap. It models the plant down to the individual string using a deterministic clear-sky model plus validated panel and inverter models — all physics-based, with explicitly no machine-learning guesswork. Core equipment such as inverters, strings and meters is discovered automatically from the live data rather than typed in by hand, so you get traceable root-cause clarity attributed to a specific component and cause.

Battery storage is auto-discovered as a four-level box, storage, module and cell hierarchy, built from the live data feed rather than entered by hand. Mirox tracks charge and discharge power, energy throughput, state-of-charge, state-of-health, voltage and temperature down to module and cell level, plus a healthy-cell count, all in a vendor-independent metric vocabulary. A per-park summary shows component counts, healthy cells, nominal AC power and energy, verification status and a needs-attention count. FREQCON battery systems are supported today, and other controllers can be added on request.

Yes — curtailment is tracked separately and attributed to the responsible party, the direct marketer or the grid operator, instead of being flagged as a component fault. It is detected when a plant is held at or near its active-power cap, and the foregone energy is recorded per minute against the marketer or the grid. Separately, every reported energy loss carries a HIGH, MEDIUM or LOW confidence level, and weather such as snow, fog and dew, plus controlled shutdowns, are excluded so they are never miscounted as faults.

Yes — a built-in Local Network Inspector auto-discovers, classifies and health-checks every switch, router, logger and meter behind the plant, and shows the full cloud-to-logger connection path so you can see exactly where a break sits. Discovery uses ICMP, address resolution, vendor lookup and SNMP probes with AI-assisted identification, and monitoring runs ICMP ping, TCP-port, HTTP and SNMP checks. It does not restart services or reconfigure devices, and it works whether the agent runs on site or in the cloud over a VPN — so you can pinpoint a failing switch without sending a technician.

Yes — Mirox delivers a 5-day, physics-based PV production forecast for every accessible plant, grounded in DWD weather data rather than opaque machine learning. It combines each plant's recent measured behaviour (a default 45-day window) with local DWD weather via Open-Meteo at hourly resolution, giving expected energy with a high-low band, performance ratio, a clear-sky reference and an hourly power curve. Plants whose estimate varies by more than 50% are held back from the overview to keep it trustworthy, so the forecast stays explainable and traceable.

Yes — the KPI dashboard rolls live, fleet-wide numbers up to portfolio and organization level, refreshing every minute and scoped strictly to your permissions. Live cards show production, grid loss, grid-operator and direct-marketer shutdowns and total installed capacity, with per-plant KPIs including specific yield and digital-twin completeness, plus a plant-state distribution. Euro figures use a single flat indicative rate and are explicitly not settlement or invoice numbers. So you can spot a fleet-wide problem in seconds without opening a single plant.

Yes — you can export report-ready time-series data as CSV or JSON across one park, many parks, or whole portfolios in a single API call. There is a canonical CSV template download, a JSON query variant, and raw high-resolution time-series at 5-minute, 15-minute, hourly or daily steps, with comma-separated park and portfolio parameters that union parks for portfolio-wide aggregation in one request. A broad library of cleaned, pre-aggregated metrics — energy, irradiance, weather, availability and battery figures — means the output is business-ready, not raw counters.

Yes — Mirox exposes a versioned REST API, and everything the web interface does is built on the same public endpoints, so you can drive the platform programmatically. Endpoint groups cover plants, portfolios and components; metrics and data export; events, tickets and reports; and organization, cooperations and access. The same role and permission rules apply through the API as in the interface, so a call only returns the plants and data you are entitled to see. Live, interactive documentation is generated from the running platform and published as Swagger UI and ReDoc, so your developers can explore the documented endpoints before committing.

Yes — Mirox supports feeding exported data into external BI tools and custom report pipelines, with documented use cases including Power BI, Tableau, custom Excel templates, energy-management systems, carbon-accounting software and portfolio-management tools, via CSV or JSON. The export API offers locale-aware formatting — configurable field separators, decimal characters and date formats (ISO, European, US, German) plus UTF-8 — so you can match the output to any European or US spreadsheet tool. German defaults work out of the box.

On termination of a service contract you get a 30-day wind-down period to export your data before access ends. You can request termination at any time, and unless you ask for immediate termination the contract stays active for 30 days so you can export first, with a dedicated view listing every park covered by the contract. This directly addresses data-ownership and exit-risk concerns — you keep a clear window to extract your data on the way out — and Mirox separately provides CSV and JSON export through its export tools.

Yes — you can generate technical and financial PDF reports on demand for any plant, with stored period-by-period history. Technical reports cover operational performance; financial reports give an economic view drawing on your Market and Tariffs configuration; and you choose the period, resolution and language. Every report is stored, listable with pagination, sorting and filters, downloadable as PDF and deletable. Exports are template-driven, so the numbers pulled via the API exactly match the numbers in the generated PDFs — data consistency you can re-derive yourself.

Yes — plants automatically raise machine-detected, time-stamped park events that give an objective record of what happened and when, including grid and external shutdowns, overproduction and radiation-sensor defects, each with a priority and status. Tickets add a full O&M work-management layer with assignment, threaded comments, @mentions and an automatic activity feed that cannot be quietly rewritten. Closed events and tickets are retained long-term for audits and warranty claims, and the ticket activity feed is explicitly drawn on for warranty disputes and post-incident reviews — a defensible, tamper-evident record.

Onboarding is fully self-service end to end, from email invitation to live production data, with no Mirox support call required. The documented path is to register an account, create an organization, model your plants, and run a guided five-step onboarding wizard until data flows. The only point Mirox steps in is if a datalogger requires a brand-new adapter — added promptly on request, while you keep working in the meantime. So your team can stand up monitoring on its own without booking professional-services hours.

No — you do not enter inverters, strings, batteries or meters by hand; the agent discovers your equipment automatically once the connection is live. After the VPN is up, the platform scans the local network and lists every reachable device for you to review and name. For supported logger families such as Janitza, Huawei and Phoenix Contact, devices are recognised and mapped automatically with zero configuration. Documents you upload are also analysed by AI in the background to pre-fill plant master data, cutting manual entry dramatically.

Pricing is simple and per asset, billed monthly through in-platform subscriptions tied to the parks you run: solar parks and battery storage are €150 per month each, wind turbines €45 per month, with no setup fees. You can start with a free proof-of-concept pilot, and onboarding proceeds in parallel — you sign the contract and set up payment while your first data is already flowing. Payment is by SEPA bank transfer or direct debit, with EU VAT validation via VIES for tax-free reverse-charge invoicing outside Germany.

Yes — resources follow a strict three-level hierarchy of organization, portfolio and plant, which drives both reporting rollups and access control. Portfolios group related plants and each plant is one renewable-energy asset, so the platform models your fleet structure cleanly. Live KPIs roll up from plant to portfolio to organization level, and the structure supports mixed solar, wind and battery assets. Access control inherits down the hierarchy, letting you grant per-plant or per-portfolio permissions without over-exposing the rest of your fleet.

Yes — cooperations let you securely share specific plants or portfolios with another organization while keeping full ownership and control, ideal for service providers, asset managers or investors who work in your assets from their own account. Only your organization admin can invite, change or revoke a cooperation, and partners can't re-share onward. The shared job role is a hard ceiling on everything the partner can do, the Operator role can never be shared, and all access made through a cooperation is recorded in the audit log.

Yes — member access can be paused, time-limited or expired without deleting the person, at both organization and per-resource level, which suits fixed-term contractors and externals. An external member gets no access by default until you explicitly grant a job role on specific plants or portfolios, supporting least-privilege onboarding. You can set a membership expiration date or a per-resource grant expiration on a single plant, and pause a membership so someone keeps their seat but is blocked until re-enabled. Every assignment and removal is traceable in the audit log.

Yes — every organization and plant has built-in file storage, with drag-and-drop upload including whole folders. Organization storage holds contracts, invoices, insurance and permits; plant storage holds irradiation reports, grid-connection documents, as-built drawings and inspection protocols; any file type up to 50 MB. Plant files are auto-tagged by AI (organization files are categorized by hand), and a file’s category controls which roles can see it — sensitive commercial categories like contracts and invoices are limited to Moderators and above.