Stability IT, a managed service provider based in Prestatyn, North Wales, has pulled off a seamless RMM migration that many in the industry might have deemed too risky. By leveraging Kaseya VSA 9’s own scripting engine to deploy Datto RMM agents, the MSP moved its entire client base off the legacy platform in just two weeks—all while boosting patch compliance from 85% to 98% and cutting unnecessary remote access tools. The project, driven by a need to consolidate a fragmented toolset, now stands as a model for MSPs wrestling with the hidden costs of operational sprawl.

For years, Stability IT built its managed services practice around Kaseya VSA 9, a robust but aging remote monitoring and management suite. As the business grew, so did its collection of ancillary tools: a separate remote control solution, a third-party patching auditor, and an endpoint security agent layered on top of the RMM. “We had accumulated a variety of point products over time,” said Alex Thompson, Founder and Managing Director of Stability IT. “Each one solved a specific problem, but together they created a tangled web that slowed technicians down and introduced security blind spots.” The breaking point came during a routine compliance review, when automated scans revealed patch compliance hovering at 85%—a number that would trigger red flags under frameworks like Cyber Essentials Plus, which many of Stability IT’s clients rely on for insurance and regulatory purposes.

The search for a more unified platform led the team to Datto RMM, a cloud-native solution with built-in remote control via Splashtop, policy-driven automation, and a patch management engine that supports granular approval workflows. Thompson saw an opportunity not just to replace VSA but to shed three separate endpoint agents: the RMM, a standalone remote access tool, and an older monitoring utility. “Reducing our agent footprint was a hard requirement,” he explained. “Every additional piece of software on a customer’s machine adds CPU cycles, increases the attack surface, and gives us one more thing to maintain.” Datto RMM’s single lightweight agent—combined with its direct integration to over 100 third-party application update lists—promised to deliver the consolidation the MSP needed.

The Migration Strategy: Out from Under Itself

Safely removing Kaseya VSA from hundreds of endpoints without leaving a monitoring gap is a classic RMM migration paradox. Stability IT’s operations lead, Sarah Williams, designed a “bootstrap” approach that turned the incumbent tool into the delivery mechanism for its replacement. “We wrote a PowerShell script that downloaded the Datto agent installer from a secured cloud bucket, executed a silent installation, and registered the endpoint using our site-specific token,” Williams said. “That script was pushed via VSA procedures—first to our internal lab, then to low-risk client groups, and finally to the full base.”

The rollout was split into three phases:

  • Phase 1 (Internal & Beta Testers): The script ran on Stability IT’s own workstations and a handful of volunteer clients who agreed to early testing. This uncovered two immediate obstacles: legacy Windows 7 machines lacking TLS 1.2 support, and customer firewalls that blocked the Datto download domain. For Windows 7, the team packaged the installer with a pre-configured cipher update. For firewall issues, a second VSA procedure temporarily opened port 443 to the specific Datto CDN IP(s) during installation.

  • Phase 2 (Batch One – Least Critical): Roughly 40% of endpoints, mainly devices in healthcare and legal firms where downtime is restricted but not life-threatening, were migrated over a single weekend. Technicians monitored the Datto dashboard in real time to confirm agent check-in and policy application. Any machine that failed to report within 30 minutes was flagged for manual remediation.

  • Phase 3 (Batch Two – Full Production): The remaining 60% of endpoints, including servers and workstations in finance and emergency services, were transitioned in three nightly batches. To avoid alerts in both VSA and Datto simultaneously, the VSA agent was disabled only after the Datto agent came online and passed a health check.

Within 14 days, 92% of Stability IT’s 500 managed endpoints were running on Datto RMM, with the remainder addressed individually through hands-on visits.

Patch Compliance: From 85% to 98%

One of the most immediate wins was patch compliance. Under VSA 9, Stability IT struggled with inconsistent deployment windows—particularly for Microsoft’s monthly cumulative updates, which sometimes failed silently on legacy hardware. Datto RMM’s patch management module allows engineers to define automated approval policies that distinguish between security, critical, and optional updates. Williams configured a “ringed” deployment policy: security patches are auto-approved and pushed to a small test ring immediately, and if no issues arise after 48 hours, the deployment expands to the entire estate. Critical and optional updates undergo a similar staged rollout.

“We went from spending hours each week manually vetting patches and chasing down failures, to a system that just works,” Williams noted. “Our compliance dashboard now shows 98% for all client tenants, and the remaining 2% are devices that have been powered off for extended periods.” Such numbers not only satisfy regulatory requirements but also strengthen the MSP’s sales narrative when pitching to prospects who demand rigorous patch SLAs.

Slashing Tool Sprawl and Cutting Costs

Before the migration, Stability IT’s technicians operated across three separate consoles: Kaseya VSA for monitoring and scripting, a standalone remote access product (LogMeIn Central), and a lightweight discovery tool for ad-hoc audits. Each required its own billing, training, and update cadence. Consolidating into Datto RMM eliminated $1,200 per year in redundant licensing and, more importantly, saved an estimated 5 hours per week of technician time previously spent context-switching.

Remote access was a particularly acute pain point. With VSA, remote control was available only through an add-on module that Thompson described as “functional but clunky.” The team had adopted LogMeIn for most sessions, but that introduced a split workflow: open a ticket in the PSA, launch a VSA procedure, then connect through LogMeIn. Datto’s integrated Splashtop remote control places a “connect” button directly inside the device tile of the RMM interface—one click and the technician is on the endpoint’s desktop. “That alone reduced the average remote support session length by about 15%,” Thompson estimated. “Our team spends less time navigating tools and more time solving problems.”

Security Gains: Fewer Agents, Smaller Attack Surface

Each software agent installed on a customer’s endpoint is a potential vector for exploitation. The 2021 Kaseya VSA supply-chain attack, while unrelated to this migration, served as a stark reminder of that reality. By removing three distinct agents and replacing them with one, Stability IT reduced the attack surface per endpoint. “My customers don’t need to know about RMM agents; they just need their systems to be secure,” Thompson said. “With fewer third-party components running as SYSTEM, there are fewer places for an attacker to hide.”

Additionally, Datto RMM’s agent communicates over standard HTTPS and integrates natively with Windows Defender and third-party A/V products, allowing the MSP to enforce security baselines from a single policy. The team is now building out automatic remediation scripts within Datto’s component store—such as restarting critical services or cleaning temp files—that trigger based on the monitoring data the agent already collects, again without requiring an extra tool.

Industry Context: The Shift Toward Consolidation

Stability IT’s journey mirrors a broader trend in the managed services market. According to research from Canalys, over 60% of MSPs cite “too many disjointed tools” as a top operational pain point. The RMM space, once dominated by on-premises heavyweights like Kaseya and ConnectWise, has seen a surge in cloud-first challengers (Datto, NinjaOne, Syncro) that emphasize user experience and integration with modern stacks like Microsoft 365.

“Legacy RMM platforms were built in an era when ticket volume was the primary driver, so they optimized for scripts and event logs,” noted John Miller, an independent MSP consultant. “Today’s MSPs need platforms that natively speak to Azure AD, automate update approval, and offer single-pane-of-glass reporting. Datto RMM’s tight integration with Autotask PSA and IT Glue gives it an edge in operational harmony.”

For Stability IT, the consolidation didn’t stop at RMM. With Datto’s API, the team is now pulling device health data into their existing BrightGauge dashboards to deliver executive-ready reports to clients—no additional connectors required. “We’ve turned what was a backend migration into a client-facing value-add,” Thompson said. “Our customers get a regular email showing their patch compliance trend, endpoint uptime, and even disk health. That transparency builds trust.”

Challenges and Lessons Learned

The migration wasn’t without hiccups. Besides the Windows 7 and firewall issues, the team discovered that some legacy line-of-business applications—particularly a dental practice management suite—required the VSA agent to be uninstalled first because of DLL conflicts. “We had to sequence the uninstall in our script, delay for a system reboot, and then run the Datto installer,” Williams explained. “It taught us that testing can’t cover every permutation; you need a flexible deployment script that can branch based on environment variables.”

Another lesson: policy replication. VSA’s monitoring sets didn’t directly map to Datto’s policy engine, so Williams’ team spent three days manually reconstructing monitoring thresholds, alert rules, and self-healing actions. “We could have cloned them one-for-one, but we took the opportunity to clean house,” she said. “Outdated monitors were discarded, and we standardized on a handful of templates that cover 90% of our client scenarios.” That upfront investment paid off by simplifying ongoing maintenance.

What Other MSPs Can Learn

Stability IT’s experience offers a playbook for MSPs considering a similar leap.

  • Use the incumbent as a bridge: Don’t rip out your current RMM until the new one is proven. VSA’s scripting made the deployment possible, but any tool with remote command execution can serve the same role.
  • Batch relentlessly: Never migrate all clients at once. Group by risk, business hours, and dependencies. Start with a tiny cohort and expand only when you’ve validated success.
  • Test real-world firewalls early: Corporate networks often lock down outbound traffic. Pre-approve the new RMM’s URLs and IPs with your clients’ IT gatekeepers to avoid last-minute callouts.
  • Use the migration to declutter: Don’t blindly carry over legacy monitors and policies. Audit what you actually need, retire what you don’t, and build fresh templates aligned to current security best practices.
  • Measure and celebrate quick wins: Document the improvements—patch compliance, ticket resolution time, agent count—and share them with both your team and your customers. Early momentum sustains morale during the stressful cutover weeks.

Looking Ahead: Building on a Unified Foundation

With the migration complete, Stability IT is turning its attention to advanced automation and managed security services. The MSP plans to deploy Datto RMM’s ransomware detection rules and integrate with a managed SOC to offer EDR as a modular add-on. “We no longer have to worry about whether our underlying monitoring layer can support next-gen features,” Thompson concluded. “Datto RMM gives us a platform, not a product, and that changes the conversations we can have with customers.”

Prestatyn might be a small town, but Stability IT’s strategic bet on consolidation is a signal to MSPs everywhere: tool sprawl is a silent killer of efficiency, and the cure sometimes lies in the very tool you’re replacing. For those willing to script their way out of legacy debt, a leaner, more secure practice awaits on the other side.