Hosting
Where your ecosystem actually lives.
Three hosting models, one operational philosophy: EU data sovereignty by default, portable architecture, and no hostage-taking. Pick Abstract-managed cloud under EU & German jurisdiction, bring your own cloud account on AWS / GCP / Azure / OVH, or run the whole stack on-premise - including fully air-gapped deployments where your IT policy requires it.
The three models
Pick the hosting that fits your posture - not ours.
Different organisations have different non-negotiables. Some can't accept non-EU data residency. Some can't accept a third party touching their cloud account. Some have a CIO who wants infrastructure they can walk into. All three are valid; we support all three.
Abstract-managed EU cloud
We host your learning ecosystem on Frankfurt infrastructure operated by our German hosting partners, under German jurisdiction with a standard DPA. Managed Kubernetes k3s provides scaling, redundancy and update automation. You stay focused on learners; we run the stack.
EU & German Jurisdiction
Standard DPA under EU Article 28 GDPR
Managed Kubernetes k3s - scaling & redundancy
Automated patching on agreed change windows
Daily backups, 30-day retention as standard
Sub-processor list published with 30-day change notice
Your own cloud setup
Open edX and the surrounding ecosystem deployed into your existing cloud account - AWS, Google Cloud, Azure, OVH, or any major European provider. Your bill, your region, your compliance perimeter. We handle deployment, configuration and ongoing management; your infrastructure team keeps visibility and control.
Deploy to AWS, GCP, Azure, OVH or similar
Your cloud bill stays with you, directly
Region & availability-zone strategy is yours
We manage the application layer; you own cloud-level policy
Integrates with your existing IAM, VPC, logging
Same Kubernetes deployment architecture
On-premise & air-gapped
Installed on your data-centre hardware. Optionally fully network-isolated from the internet for organisations whose IT policy requires air-gap. Updates happen as scheduled on-site visits, quarterly by default - because an air-gap that syncs automatically is not an air-gap. Public-sector clients, regulated industries and national institutions typically pick this model.
Installed on your hardware, in your data centre
Optional full air-gap - zero internet connectivity
Quarterly scheduled on-site update visits
Change control aligns with your policy, not ours
Documentation handover so your team can run it
Optional remote support if policy permits
What's included
Clear matrix, by model.
| Managed Cloud | Own Cloud | On-Premise | |
|---|---|---|---|
| Services | |||
| Data storage within the EU | |||
| Standard contractual clauses (Article 28 of the EU GDPR) | Joint | ||
| Managed Kubernetes k3s | |||
| Automated patching & minor updates | Quaterly | ||
| Major Open edX release upgrades | |||
| Daily backups, 30-day retention period | Joint | ||
| Quarterly recovery tests | Optional | ||
| Monitoring & Alerts | Optional | ||
| Emergency plan | Joint | ||
| Costs for cloud infrastructure | Ours | Yours | Yours |
| Air-gapped operation | |||
Support & SLA tiers
Three support postures. Published targets.
Support and SLA are separated from the hosting model because they're independent choices. Every tier has published response targets, measurement windows and credit structures in the SLA schedule - we don't headline a single uptime percentage because what matters is the specific SLA clause, not a marketing number.
Level 01 – Business hours
Most popularSupport during business hours (09:00–17:00 CET, Monday–Friday). Email and ticketing system. Suitable for non-critical deployments and pilot environments.
Learn more- Response the next working day (standard priority)
- Escalation: Critical issues within one working day
- Channels: email, ticketing system
- Includes: patches, backups, standard monitoring
Level 02 – Extended Support
Extended support (07:00–20:00 CET, Monday–Saturday). Email and ticketing system. Suitable for most production environments with regular user activity.
Learn more- Response the same day for standard priority
- Escalation: Time slots defined by severity
- Channels: email, ticketing system
- Includes: Quarterly platform health checks
Level 03 – 24/7 support
Round-the-clock support from a dedicated contact person. Telephone, email, ticket system and, optionally, a dedicated Slack or Teams channel. For critical deployments where downtime of just a few hours can result in significant costs.
Learn more- Response within 1 hour
- Escalation: Rotation of designated on-call engineers
- Channels: telephone, email, tickets, optional chat
- Includes: Meetings on the strategic roadmap twice a year
What's standard. Across every tier.
Security posture
Encryption in transit
TLS 1.2+ for all external and internal service-to-service communication. HSTS enforced at the edge. Certificate rotation automated.
Encryption at rest
Disk-level encryption for the database, content stores, and backup archives. Key rotation on schedule; key access audited.
Role-based access
Platform roles, instance-level admin access, and infrastructure access are separately scoped. Access reviews documented quarterly.
Audit logging
Application events, admin actions, infrastructure access, and user data-subject requests all logged with retention aligned to GDPR expectations.
Bring the requirements. We'll pick the model.
Book a 30-minute discovery call. Bring your data-residency rules, your compliance obligations, your cloud-ops capability, and your budget posture - we'll tell you which of the three models fits, what it costs, and what the SLA should look like for your use case.
