Drupal in Cloud
Drupal powered sites hosted in a cloud to create rich websites with excellent user experience.
- Content management
- User rights, groups, and roles management
- Image and attachment management
- Content workflows, acceptance, publishing control
- Full e-commerce platform included
- Multichannel and omnichannel support
- Built-in application framework for self-service portals
- Create beautiful, engaging, and easy to use sites and services
- Publish and manage content anywhere with any device
- Optimise content based on analytics and user behaviour
- Combine content and e-commerce
- Allow visitors to serve themselves with online apps
- Drive up conversions with proper analytics and content tools
- Create subsites for other brands, languages, or regions
£200 per virtual machine per month
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|System requirements||Drupal runs on LAMP stack|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
This depends on agreed service level agreement and issue criticality. Critical issues 30min – 4 hours, major issues 2 hours – 1 day, minor issues 6 hours – 2 days.
The service time is either office hours or 24/7, depending on the contract.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Exove offers four packaged cloud support services and a tailored one.
- Workdays 8-16, service monitoring, critical security updates, SLA level 1
- Workdays 8-16, service monitoring, critical security updates, SLA level 2
- Workdays 8-16, service monitoring, all platform updates, monthly reporting, SLA level 3
- 24/7, service monitoring, all platform updates, monthly reporting, SLA level 3
SLA levels are defined in the pricing appendix.
We provide a technical account manager and cloud support engineers, there are no non-technical people providing support.
|Support available to third parties||Yes|
Onboarding and offboarding
We provide content editor and admin training tailored to the organisation taking the system into use. We also provide help and mentoring for the content editors.
Drupal has also extensive online documentation.
|End-of-contract data extraction||Either using the API, scripts made by us, or getting a full database dump.|
|End-of-contract process||We will either shut down the service, transfer the site to a new provider, or provide data to the client, depending on the case. All of these are done on time and material basis and invoiced.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||UI is reflowed to fit on a smaller screen, but no difference in available functionality.|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||No tests.|
|What users can and can't do using the API||All major functionality of the platform is available through API.|
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||The system can be fully tailored to fit the needs. A lot of the end-user visible customisation can be done using administration interface that is fully accessible to the client. We typically do code level customisations, but we are open to other parties doing the customisations, too. This needs to be agreed separately.|
|Independence of resources||
The service infrastructure is designed and built completely by UpCloud's experienced staff. We have designed the infrastructure to be completely redundant, self-healing and automatically balancing resource usage.
We have solved redundancy issues in physical hardware through having duplicate resources available.
Regarding the software layer, intelligent algorithms take care of load and redundancy issues so that end users do not have to worry about them. Our infrastructure constantly monitors the performance of each cloud service deployed and services are transparently moved between physical hardware to less busy nodes.
UpCloud can also agree separately to deliver certain performance on contractual level.
|Service usage metrics||Yes|
We provide basic metrics on service usage. This includes the following:
Traffic statistics (public and private network)
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||UpCloud|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Using readymade API, scripts made by us, or getting a database dump from us.|
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Exove together with UpCloud will guarantee 100% virtual server and network availability to the Customer. The network will be deemed available if UpCloud's routers and switches are available and responding properly. For all unscheduled interruptions in the provision of the Services, which are due to hardware or telecommunications failures that last longer than 5 minutes, UpCloud shall offer compensation to the Customer.
When a failure in the Services has been corrected, UpCloud will offer the Customer compensation which the Customer may reclaim within 15 days. The compensation will be paid to the Customer's service account in the form of credits and may not be exchanged for cash or other forms of payment.
The amount of compensation will be 50 times UpCloud's charges for the Services allocated for the period of the interruption of the Services. The maximum amount of compensation for an individual interruption is 100% of UpCloud's charges for the Services during 30 calendar days preceding the interruption. The total sum of aggregated compensations cannot exceed 250% of UpCloud's charges for the Services during 30 calendar days preceding the latest interruption.
|Approach to resilience||This information is available on request.|
|Outage reporting||UpCloud service is self-aware and informs the user if there is outage &/ the service(s) in question are not reachable through specific status of the services. These details can be retrieved through UpCloud’s public dashboard or API. We also have public status page at https://status.upcloud.com/ which has the possibility to inform users through emails, if there is service components which has downgraded performance, partial outage or total outage.|
Identity and authentication
|User authentication needed||No|
|Access restrictions in management interfaces and support channels||
System supports account, role, and group based rights management to control who is able to perform certain functions on the system. The rights system can be configured either by Exove or the customer to fit the exact needs of the customer.
The system can also be connected to an LDAP or SSO system for controlling access rights and accounts.
The access is granted based on the mechanisms described in the following question about management access, the suitable mechanism is selected together with the customer.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
UpCloud has a three-pronged approach to security governance: Operational, Tactical and Strategic.
Security governance starts with the requirement to protect users data in process-driven manner. The security starts from the highest level, with strict directives on information security is interpretation and implementation.
On tactical level, the directives and guidance from strategic level direct creating policies and organization wide guidelines and standards, which are implemented into lower level policies at operational level.
Operational level implements the tactical level policies, guidelines and standards to day-to-day operations.
Executive management directives can be traced from strategic level, through tactical level onto the operational level.
|Information security policies and processes||
UpCloud follows the tight security policies set by Finnish government on the services we provide and all other legal requirements that fall under the services we provide. UpCloud’s core business and processes are governed by organization wide, written security policy which is approved by the acting management.
UpCloud’s responsibility regarding data security is mainly towards our users and secondary to governmental organizations, according to local law on each country where data resides.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
UpCloud’s change and configuration management tools and processes are built from the grounds up by in-house team; providing our users 100% reliable and scalable platform to grow their business.
Change and configuration management processes define how we handle both our hardware and software, which combined with heavy automation makes the end-product a scalable and reliable cloud platform.
All changes to hardware and software are automatically tracked, whether the component be in production environment, pre-production environment, staging environment or internal testing environments.
All software components put into production go through Quality Assurance process, including notoriously tight security reviews of all components.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
UpCloud closely monitors and proactively assesses different potential threats to our services and users.
In the past five years there has been two major global security incidents that have affected all cloud computing service providers. UpCloud has been one of the first ones globally to validate, test and deploy security patches throughout our infrastructure without any customer downtime. Please refer to our public, transparent communication regarding January 2018 CPU vulnerability: https://status.upcloud.com/incidents/9r9t34f98p28
UpCloud closely works with major hardware and software vendors, and gains continuous insight of potential security threats.
We work closely with every major national Computer Emergency Response Team’s (CERT).
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||
UpCloud monitors various aspect of our services and using a set of known and learned parameters we raise internal issue to our team. Our focus is to discover underlying problems before they cause any issues to our users. We closely monitor hardware and software of any impending potential future issues.
We address all potential issues that might affect our service in matter of hours. This is part of the on-going process to improve our services, so we can provide 100% SLA to all users.
Average response time to incidents in 2018 has been two minutes.
|Incident management type||Supplier-defined controls|
|Incident management approach||
UpCloud operates global services 24/7/365 with own personnel and pre-defined incident management process. In the past year, over 85% of incidents reported/diagnosed fall under pre-defined processes, which are regularly updated and trained to our employees.
Users have wide variety of methods to report incidents in the services we provide. Currently users have three different communication methods to report incidents that have occurred: Through telephone, e-mail or web-based real-time chat. We are constantly looking for ways to be present in the services/tools our users utilize in their daily life.
All incident reports are publicly available through UpCloud’s status-page located at https://status.upcloud.com
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£200 per virtual machine per month|
|Discount for educational organisations||No|
|Free trial available||No|