Hosting
Where your ecosystem actually lives.
Three hosting models, one operational philosophy: EU data sovereignty by default, portable architecture, and no hostage-taking. Pick Abstract-managed cloud under EU & German jurisdiction, bring your own cloud account on AWS / GCP / Azure / OVH, or run the whole stack on-premise - including fully air-gapped deployments where your IT policy requires it.
The three models
Pick the hosting that fits your posture - not ours.
Different organisations have different non-negotiables. Some can't accept non-EU data residency. Some can't accept a third party touching their cloud account. Some have a CIO who wants infrastructure they can walk into. All three are valid; we support all three.
Abstract-managed EU cloud
We host your learning ecosystem on Frankfurt infrastructure operated by our German hosting partners, under German jurisdiction with a standard DPA. Managed Kubernetes k3s provides scaling, redundancy and update automation. You stay focused on learners; we run the stack.
EU & German Jurisdiction
Standard DPA under EU Article 28 GDPR
Managed Kubernetes k3s - scaling & redundancy
Automated patching on agreed change windows
Daily backups, 30-day retention as standard
Sub-processor list published with 30-day change notice

Your own cloud setup
Open edX and the surrounding ecosystem deployed into your existing cloud account - AWS, Google Cloud, Azure, OVH, or any major European provider. Your bill, your region, your compliance perimeter. We handle deployment, configuration and ongoing management; your infrastructure team keeps visibility and control.
Deploy to AWS, GCP, Azure, OVH or similar
Your cloud bill stays with you, directly
Region & availability-zone strategy is yours
We manage the application layer; you own cloud-level policy
Integrates with your existing IAM, VPC, logging
Same Kubernetes deployment architecture

On-premise & air-gapped
Installed on your data-centre hardware. Optionally fully network-isolated from the internet for organisations whose IT policy requires air-gap. Updates happen as scheduled on-site visits, quarterly by default - because an air-gap that syncs automatically is not an air-gap. Public-sector clients, regulated industries and national institutions typically pick this model.
Installed on your hardware, in your data centre
Optional full air-gap - zero internet connectivity
Quarterly scheduled on-site update visits
Change control aligns with your policy, not ours
Documentation handover so your team can run it
Optional remote support if policy permits

What's included
Clear matrix, by model.
| Managed Cloud | Your Cloud | On-Premise | |
|---|---|---|---|
| Capability | |||
| EU data residency | |||
| Standard DPA (EU GDPR Article 28) | Joint | ||
| Managed Kubernetes k3s | |||
| Automated patching & minor updates | Quarterly | ||
| Major Open edX release upgrades | |||
| Daily backups, 30-day retention | Joint | ||
| Quarterly restore tests | Optional | ||
| Monitoring & alerting | Optional | ||
| Incident response plan | Joint | ||
| Cloud infrastructure cost | Ours | Yours | Yours |
| Air-gapped operation | |||
Support & SLA tiers
Three support postures. Published targets.
Support and SLA are separated from the hosting model because they're independent choices. Every tier has published response targets, measurement windows and credit structures in the SLA schedule - we don't headline a single uptime percentage because what matters is the specific SLA clause, not a marketing number.
Tier 01 - Business Hours (Most Popular)
Business-hours response (09:00–17:00 CET, Monday–Friday). Email and ticket channels. Suitable for non-critical deployments and pilot environments.
- Response: Next business day for normal priority
- Escalation: Critical issues within business day
- Channels: Email, ticketing system
- Included: Patching, backups, standard monitoring
Tier 02 - Extended Hours
Extended coverage (07:00–20:00 CET, Monday–Saturday). Email and ticket channels. Suitable for most production deployments with regular learner activity.
- Response: Same-day for normal priority
- Escalation: Defined windows by severity
- Channels: Email, ticketing system
- Included: Quarterly platform health reviews
Tier 03 - 24/7 Enhanced
Round-the-clock coverage with a named engineer on call. Phone, email, ticket, and optional dedicated Slack or Teams channel. For critical deployments where hours of downtime are meaningful cost events.
- Response: Defined response within 1 hour
- Escalation: Named engineer on-call rotation
- Channels: Phone, email, tickets, optional chat
- Included: Twice-yearly strategic roadmap sessions
What's standard. Across every tier.
Security posture
Encryption in transit
TLS 1.2+ for all external and internal service-to-service communication. HSTS enforced at the edge. Certificate rotation automated.
Encryption at rest
Disk-level encryption for the database, content stores, and backup archives. Key rotation on schedule; key access audited.
Role-based access
Platform roles, instance-level admin access, and infrastructure access are separately scoped. Access reviews documented quarterly.
Audit logging
Application events, admin actions, infrastructure access, and user data-subject requests all logged with retention aligned to GDPR expectations.
Bring the requirements. We'll pick the model.
Book a 30-minute discovery call. Bring your data-residency rules, your compliance obligations, your cloud-ops capability, and your budget posture - we'll tell you which of the three models fits, what it costs, and what the SLA should look like for your use case.






