Wunder Ltd

Hosting for Drupal Web Applications

Wunder's Hosting service ensures the uptime, security and reliability of your Drupal web application. Our team of Drupal experts is on hand to respond to your requests, as well as working proactively.


  • Support ticket system to raise requests
  • Max 4 hour response time as standard (1 hr available)
  • EU based support team
  • Proactive monitoring and support actions
  • The largest team of Drupal experts in Europe
  • Answers when your users and admins are stuck
  • Expert advice to make best use of your application


  • Expert help to ensure your application is secure and stable
  • Meet your data protection requirements
  • Flexible service levels can be scaled up for your needs


£155 per server

Service documents

G-Cloud 9


Wunder Ltd

Luke Branford



Service scope

Service scope
Service constraints Our Hosting service is only available to customers with web applications built on the Drupal CMS.
System requirements
  • Drupal CMS
  • Internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Normal response time is 4 hours, in critical incidents the response time is 1 hour.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use Slack as support chat tool. Slack can be used by browser and it also has a native client for different platforms and mobile devices. Users can customize notifications, user interface and accessibility settings.
Web chat accessibility testing Wunder has not done web chat testing with assistive technology users
Onsite support No
Support levels Our hosting environment has N+1 redundancy and our SLA for hosting is 99.99%. Our basic support serves 9-17/5, but it can be extended to 9-20/5 or 24/7. Extended service cost is agreed with clients. We provide both technical account manager and cloud support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We onboard our clients carefully to ensure a smooth start when using our services. We plan on-boarding together with you, based on your needs. We can also provide on-site training, online training and documentation as required.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Confluence wiki pages
End-of-contract data extraction We provide all data to our customers in any format that helps them the best.
End-of-contract process Ending the contract does not add any additional costs.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users have a web interface to the ticketing system. Users have credentials to the hosted Drupal application. The application level user roles and rights are defined in the onboarding phase.
Web interface accessibility standard None or don’t know
How the web interface is accessible Wunder uses Jira as a ticketing system (WCAG 2.0 AA). Web applications developed by Wunder are by default accessible and accessibility requirements are defined in the project phase.
Web interface accessibility testing Wunder has experience from implementing screen readers to the web applications it has developed and from accessibility testing against WCAG standards.
What users can and can't do using the API API is available to the ticketing system and we can build customised APIs to web applications we host.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats Other
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Our approach is to assign a dedicated support team for each of our customer partnerships. This ensures that your requirements are not affected by the demands of other customer projects or support services.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold UpCloud based hosting infrastructure. We also manage other hosting platforms.

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Physical access to data is disabled. Access to servers is limited by IP address. Sensitive data can be encrypted and the encryption keys are stored in external vault.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Server snapshot
  • Database backup
Backup controls Server snapshots are done on daily basis and database backups are done 4 times a day by default. Changing backup scope or schedule can be done simply through a service request. Testing the recovery of backups is automated.
Datacentre setup Multiple datacentres
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability SLA for hosting is 99.99%. Eligibility for compensation is 5 minutes, 50% discount of monthly fee in case of SLA violation.
Approach to resilience All cloud services are deployed on enterprise-grade hardware. Together with our in-house developed software and proprietary MaxIOPS storage technology, you will get industry-leading performance and redundancy at all times.

With N+1 redundancy throughout our entire infrastructure, all single points of failure have been eliminated. If a component fails, another immediately takes its place. Our N+1 philosophy starts from the data centres we utilise, meaning that all vital datacenter specific infrastructure is at least duplicated, from power supply to cooling systems. Our preferred hosting partner operates its own core Internet network with multiple Internet-transit providers, with fully redundant routers and switches which interconnect all computing and storage resources. All customer data is stored on redundant storage-backends, meaning that your data is secure.

With the N+1 redundancy policy in place, it enables us to support live migration of customers cloud services without an interruption to the service, example when performing maintenance & security patches throughout the cloud infrastructure.
Outage reporting Reporting is done via both Slack channel and ticketing system that sends email alerts to our customers.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Other
Other user authentication SSH access is gated behind IP ranges and automatically controlled SSH keys.
The access to server environment is limited to Wunder's infra team with personal accounts with 2FA.
Access restrictions in management interfaces and support channels We work with our customers to ascertain which of their representatives need access to support channels and we manage accesses. Our customers are obliged to inform us if there's changes in personnel.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Wunder security team reports directly to the CTO who governs security at company level.
Information security policies and processes Wunder is a Cyber Essentials certified service provider and we follow those principles.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Service configuration is saved in a version control system. Changes are deployed by using an automated provisioning system. All the change requests are documented as tickets. Changes are always agreed and scheduled with our customers. Security impacts are evaluated by Wunder's security team. Wunder is also open for 3rd party security audits.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our Security Team constantly analyses the services and identifies possible vulnerable issues. Depending on the severity, patching takes place from ASAP to a bi-monthly upgrade window. For Drupal security updates we analyse the vulnerability and what the mitigating factors are, and if needed updates take place on next day.
We monitor many different security feeds in an aggregated RSS feed from CVE announcements, OS/CMS specific security feeds to well known security blogs.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our hosting service is equipped with automated log rotation and monitoring. Alarms are created automatically in case of compromises. Each compromise is analysed from the risk and impact points of view.

Resolving the compromise follows our standard Incident Management process. We provide incident management with 2 hours response time for critical incidents and 8 hours for normal incidents. The response times are negotiable.
Incident management type Supplier-defined controls
Incident management approach Wunder's incident management process combines the best practices of ITIL and DevOps. Users can report incidents by using a ticketing system or raising an incident by email.
Users have an access to the ticketing system to see real time reports.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Upcloud
How shared infrastructure is kept separate Each organisation has isolated virtual servers that only share virtualisation platform.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £155 per server
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑