Drupal in Cloud

Drupal powered sites hosted in a cloud to create rich websites with excellent user experience.


  • Content management
  • User rights, groups, and roles management
  • Image and attachment management
  • Content workflows, acceptance, publishing control
  • Full e-commerce platform included
  • Multichannel and omnichannel support
  • Built-in application framework for self-service portals


  • Create beautiful, engaging, and easy to use sites and services
  • Publish and manage content anywhere with any device
  • Optimise content based on analytics and user behaviour
  • Combine content and e-commerce
  • Allow visitors to serve themselves with online apps
  • Drive up conversions with proper analytics and content tools
  • Create subsites for other brands, languages, or regions


£200 per virtual machine per month

Service documents


G-Cloud 11

Service ID

6 9 9 6 8 0 3 0 5 1 1 3 2 7 0



Exove UK



Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Drupal runs on LAMP stack

User support

Email or online ticketing support
Email or online ticketing
Support response times
This depends on agreed service level agreement and issue criticality. Critical issues 30min – 4 hours, major issues 2 hours – 1 day, minor issues 6 hours – 2 days.

The service time is either office hours or 24/7, depending on the contract.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Exove offers four packaged cloud support services and a tailored one.

- Workdays 8-16, service monitoring, critical security updates, SLA level 1
- £500/month

- Workdays 8-16, service monitoring, critical security updates, SLA level 2
- £700/month

- Workdays 8-16, service monitoring, all platform updates, monthly reporting, SLA level 3
- £1400/month

Large 24/7
- 24/7, service monitoring, all platform updates, monthly reporting, SLA level 3
- £3200/month

SLA levels are defined in the pricing appendix.

We provide a technical account manager and cloud support engineers, there are no non-technical people providing support.
Support available to third parties

Onboarding and offboarding

Getting started
We provide content editor and admin training tailored to the organisation taking the system into use. We also provide help and mentoring for the content editors.

Drupal has also extensive online documentation.
Service documentation
Documentation formats
End-of-contract data extraction
Either using the API, scripts made by us, or getting a full database dump.
End-of-contract process
We will either shut down the service, transfer the site to a new provider, or provide data to the client, depending on the case. All of these are done on time and material basis and invoiced.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
UI is reflowed to fit on a smaller screen, but no difference in available functionality.
Service interface
Description of service interface
Drupal admin interface and cloud service interface for basic cloud instance management (restart, shutdown, etc.)
Accessibility standards
WCAG 2.1 A
Accessibility testing
No tests.
What users can and can't do using the API
All major functionality of the platform is available through API.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The system can be fully tailored to fit the needs. A lot of the end-user visible customisation can be done using administration interface that is fully accessible to the client. We typically do code level customisations, but we are open to other parties doing the customisations, too. This needs to be agreed separately.


Independence of resources
The service infrastructure is designed and built completely by UpCloud's experienced staff. We have designed the infrastructure to be completely redundant, self-healing and automatically balancing resource usage.

We have solved redundancy issues in physical hardware through having duplicate resources available.

Regarding the software layer, intelligent algorithms take care of load and redundancy issues so that end users do not have to worry about them. Our infrastructure constantly monitors the performance of each cloud service deployed and services are transparently moved between physical hardware to less busy nodes.

UpCloud can also agree separately to deliver certain performance on contractual level.


Service usage metrics
Metrics types
We provide basic metrics on service usage. This includes the following:
Traffic statistics (public and private network)
IO load
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using readymade API, scripts made by us, or getting a database dump from us.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Exove together with UpCloud will guarantee 100% virtual server and network availability to the Customer. The network will be deemed available if UpCloud's routers and switches are available and responding properly. For all unscheduled interruptions in the provision of the Services, which are due to hardware or telecommunications failures that last longer than 5 minutes, UpCloud shall offer compensation to the Customer.

When a failure in the Services has been corrected, UpCloud will offer the Customer compensation which the Customer may reclaim within 15 days. The compensation will be paid to the Customer's service account in the form of credits and may not be exchanged for cash or other forms of payment.

The amount of compensation will be 50 times UpCloud's charges for the Services allocated for the period of the interruption of the Services. The maximum amount of compensation for an individual interruption is 100% of UpCloud's charges for the Services during 30 calendar days preceding the interruption. The total sum of aggregated compensations cannot exceed 250% of UpCloud's charges for the Services during 30 calendar days preceding the latest interruption.
Approach to resilience
This information is available on request.
Outage reporting
UpCloud service is self-aware and informs the user if there is outage &/ the service(s) in question are not reachable through specific status of the services. These details can be retrieved through UpCloud’s public dashboard or API. We also have public status page at https://status.upcloud.com/ which has the possibility to inform users through emails, if there is service components which has downgraded performance, partial outage or total outage.

Identity and authentication

User authentication needed
Access restrictions in management interfaces and support channels
System supports account, role, and group based rights management to control who is able to perform certain functions on the system. The rights system can be configured either by Exove or the customer to fit the exact needs of the customer.

The system can also be connected to an LDAP or SSO system for controlling access rights and accounts.

The access is granted based on the mechanisms described in the following question about management access, the suitable mechanism is selected together with the customer.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
UpCloud has a three-pronged approach to security governance: Operational, Tactical and Strategic.

Security governance starts with the requirement to protect users data in process-driven manner. The security starts from the highest level, with strict directives on information security is interpretation and implementation.

On tactical level, the directives and guidance from strategic level direct creating policies and organization wide guidelines and standards, which are implemented into lower level policies at operational level.

Operational level implements the tactical level policies, guidelines and standards to day-to-day operations.

Executive management directives can be traced from strategic level, through tactical level onto the operational level.
Information security policies and processes
UpCloud follows the tight security policies set by Finnish government on the services we provide and all other legal requirements that fall under the services we provide. UpCloud’s core business and processes are governed by organization wide, written security policy which is approved by the acting management.

UpCloud’s responsibility regarding data security is mainly towards our users and secondary to governmental organizations, according to local law on each country where data resides.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
UpCloud’s change and configuration management tools and processes are built from the grounds up by in-house team; providing our users 100% reliable and scalable platform to grow their business.

Change and configuration management processes define how we handle both our hardware and software, which combined with heavy automation makes the end-product a scalable and reliable cloud platform.

All changes to hardware and software are automatically tracked, whether the component be in production environment, pre-production environment, staging environment or internal testing environments.

All software components put into production go through Quality Assurance process, including notoriously tight security reviews of all components.
Vulnerability management type
Vulnerability management approach
UpCloud closely monitors and proactively assesses different potential threats to our services and users.

In the past five years there has been two major global security incidents that have affected all cloud computing service providers. UpCloud has been one of the first ones globally to validate, test and deploy security patches throughout our infrastructure without any customer downtime. Please refer to our public, transparent communication regarding January 2018 CPU vulnerability: https://status.upcloud.com/incidents/9r9t34f98p28

UpCloud closely works with major hardware and software vendors, and gains continuous insight of potential security threats.

We work closely with every major national Computer Emergency Response Team’s (CERT).
Protective monitoring type
Protective monitoring approach
UpCloud monitors various aspect of our services and using a set of known and learned parameters we raise internal issue to our team. Our focus is to discover underlying problems before they cause any issues to our users. We closely monitor hardware and software of any impending potential future issues.

We address all potential issues that might affect our service in matter of hours. This is part of the on-going process to improve our services, so we can provide 100% SLA to all users.

Average response time to incidents in 2018 has been two minutes.
Incident management type
Supplier-defined controls
Incident management approach
UpCloud operates global services 24/7/365 with own personnel and pre-defined incident management process. In the past year, over 85% of incidents reported/diagnosed fall under pre-defined processes, which are regularly updated and trained to our employees.

Users have wide variety of methods to report incidents in the services we provide. Currently users have three different communication methods to report incidents that have occurred: Through telephone, e-mail or web-based real-time chat. We are constantly looking for ways to be present in the services/tools our users utilize in their daily life.

All incident reports are publicly available through UpCloud’s status-page located at https://status.upcloud.com

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£200 per virtual machine per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑