Hosting
Where your ecosystem actually lives.
Three hosting models, one operational philosophy: EU data sovereignty by default, portable architecture, and no hostage-taking. Pick Abstract-managed cloud under EU & German jurisdiction, bring your own cloud account on AWS / GCP / Azure / OVH, or run the whole stack on-premise - including fully air-gapped deployments where your IT policy requires it.
The three models
Pick the hosting that fits your posture - not ours.
Different organisations have different non-negotiables. Some can't accept non-EU data residency. Some can't accept a third party touching their cloud account. Some have a CIO who wants infrastructure they can walk into. All three are valid; we support all three.
Abstract-managed EU cloud
We host your learning ecosystem on Frankfurt infrastructure operated by our German hosting partners, under German jurisdiction with a standard DPA. Managed Kubernetes k3s provides scaling, redundancy and update automation. You stay focused on learners; we run the stack.
EU & German Jurisdiction
Standard DPA under EU Article 28 GDPR
Managed Kubernetes k3s - scaling & redundancy
Automated patching on agreed change windows
Daily backups, 30-day retention as standard
Sub-processor list published with 30-day change notice
Your own cloud setup
Open edX and the surrounding ecosystem deployed into your existing cloud account - AWS, Google Cloud, Azure, OVH, or any major European provider. Your bill, your region, your compliance perimeter. We handle deployment, configuration and ongoing management; your infrastructure team keeps visibility and control.
Deploy to AWS, GCP, Azure, OVH or similar
Your cloud bill stays with you, directly
Region & availability-zone strategy is yours
We manage the application layer; you own cloud-level policy
Integrates with your existing IAM, VPC, logging
Same Kubernetes deployment architecture
On-premise & air-gapped
Installed on your data-centre hardware. Optionally fully network-isolated from the internet for organisations whose IT policy requires air-gap. Updates happen as scheduled on-site visits, quarterly by default - because an air-gap that syncs automatically is not an air-gap. Public-sector clients, regulated industries and national institutions typically pick this model.
Installed on your hardware, in your data centre
Optional full air-gap - zero internet connectivity
Quarterly scheduled on-site update visits
Change control aligns with your policy, not ours
Documentation handover so your team can run it
Optional remote support if policy permits
What's included
Clear matrix, by model.
| Managed Cloud | Ihre Cloud | On-Premise | |
|---|---|---|---|
| Leistung | |||
| Datenaufbewahrungsort in der EU | |||
| Standard-Vertragsklauseln (Artikel 28 der EU-DSGVO) | Joint | ||
| Managed Kubernetes k3s | |||
| Automatisiertes patching & kleinere updates | Quaterly | ||
| Wichtige Open edX-Upgrades | |||
| Tägliche backups, 30-tägige Aufbewahrungsfrist | Joint | ||
| Vierteljährliche Wiederherstellungstests | Optional | ||
| Monitoring & Warnungen | Optional | ||
| Notfallplan | Joint | ||
| Kosten für die Cloud-Infrastruktur | Ours | Yours | Yours |
| Air-gapped Betrieb | |||
Support & SLA tiers
Three support postures. Published targets.
Support and SLA are separated from the hosting model because they're independent choices. Every tier has published response targets, measurement windows and credit structures in the SLA schedule - we don't headline a single uptime percentage because what matters is the specific SLA clause, not a marketing number.
Stufe 01 – Geschäftszeiten
Meist gewählte OptionSupport während der Geschäftszeiten (09:00–17:00 Uhr MEZ, Montag–Freitag). E-Mail und Ticket-System. Geeignet für nicht kritische Bereitstellungen und Pilotumgebungen.
Learn more- Antwort: Am nächsten Werktag bei normaler Priorität
- Eskalation: Kritische Probleme innerhalb eines Werktags
- Kanäle: E-Mail, Ticket-System
- Enthält: Patches, Backups, Standardüberwachung
Stufe 02 – Erweiterter Support
Erweiterter Support (07:00–20:00 Uhr MEZ, Montag–Samstag). E-Mail und Ticket-System. Geeignet für die meisten Produktionsumgebungen mit regelmäßiger Nutzeraktivität.
Learn more- Antwort: Bei normaler Priorität noch am selben Tag
- Eskalation: Nach Schweregrad definierte Zeitfenster
- Kanäle: E-Mail, Ticket-System
- Enthält: Vierteljährliche Überprüfungen des Plattformzustands
Stufe 03 – 24/7 Support
Rund-um-die-Uhr-Betreuung durch einen festen Ansprechpartner. Telefon, E-Mail, Ticket-System und optional ein eigener Slack- oder Teams-Kanal. Für kritische Bereitstellungen, bei denen Ausfallzeiten von nur wenigen Stunden erhebliche Kosten verursachen.
Learn more- Antwort: Antwort innerhalb von 1 Stunde
- Eskalation: Rotation der benannten Bereitschaftsingenieure
- Kanäle: Telefon, E-Mail, Tickets, optionaler Chat
- Enthält: Zweimal jährlich stattfindende Sitzungen zur strategischen Roadmap
What's standard. Across every tier.
Security posture
Encryption in transit
TLS 1.2+ for all external and internal service-to-service communication. HSTS enforced at the edge. Certificate rotation automated.
Encryption at rest
Disk-level encryption for the database, content stores, and backup archives. Key rotation on schedule; key access audited.
Role-based access
Platform roles, instance-level admin access, and infrastructure access are separately scoped. Access reviews documented quarterly.
Audit logging
Application events, admin actions, infrastructure access, and user data-subject requests all logged with retention aligned to GDPR expectations.
Bring the requirements. We'll pick the model.
Book a 30-minute discovery call. Bring your data-residency rules, your compliance obligations, your cloud-ops capability, and your budget posture - we'll tell you which of the three models fits, what it costs, and what the SLA should look like for your use case.
