Cloud Hosting

ORION has proudly partnered with and currently uses reliable hosting platforms in the Drupal and Open Source ecosystems such as AWS, Platform SH, Acquia (founded by Drupal’s founder, Dries Buytaert), Pantheon and more. For the requirements of any web hosting provision, we use the most secure and reliable combination of resources, fully compatible with Drupal, WordPress, Webflow, Shopify and other CMSs as well as bespoke web applications.

Rich features

Security

We are compliant with major security and privacy standards that ensure customer privacy, including the European GDPR, German BDSG, Canadian PIPEDA, the Australian Privacy Act, and HIPAA. Our platforms undergo annual SOC 2 Type 2 audits over Security, Privacy, and Availability as well as annual PCI DSS Level 1 audits for all regions hosted on Amazon Web Services, Microsoft Azure, and Google Cloud.
Our infrastructure employs both security groups and iptables firewalls. Only HTTP/S and SSH are allowed in.

Internal logging and monitoring

We will log and monitor access and we will be alerted when potential threats to our containment model have been discovered.

Cryptography and user security

Both websites will adhere to our cryptographic controls policy, which mandates the use of strong, industry-standard cryptographic measures.
These measures include TLS for data in transit, encrypted disks, and support for 2FA.

Auto-redundant architecture

Hosting will come with automated triple redundancy for every element of the stack, as well as automated full-cluster backups.

Encryption

All customer application data in transit is encrypted by default. Plus, data will only be internally for support reasons at the council’s request, or to fix or prevent an outage.

Updates and stack management

Automatic updates: The hosting infrastructure regularly goes through update cycles for its container images for the latest security updates from upstream providers. These updates aren't pushed automatically. The latest available version of every requested container is loaded on each deployment to a given environment of any given website. So, after a scheduled deployment, the council will always be guaranteed to run the latest version of a container.

Access control and audits

Access control management will be automated and centralised and we will always apply the principle of least privilege. Any dashboard login can be enforced through a second authentication method.

Project and data isolation

Each website will run in isolation (geographic and project-based) with the most minimal network surface possible. Every service is network isolated from other services.

Global managed CDN

Our platform makes it easier to integrate the websites with a CDN (versus configuring all the CDN/cloud bits yourself).

Read-only filesystem

User code is read-only so no unwanted changes can be made.

Backups

Automatic backups will be set up on both websites to prevent data loss.

Availability 99.99%

We understand even the slightest outage can have an incredible impact on business. We will provide everything needed to keep both websites up and running through the use of our effective automated support system, backups, byte-for-byte clones of production environments, and an SLA of 99.99% uptime, so the council can consistently give its audience the best digital experience possible, without sacrificing security.

Auto-scaling and DDoS protection

Developers can leverage our built-in reverse proxy cache, TLS encryption on all connections, and optional Distributed Denial of Service prevention. Our orchestration system can automatically increase the resources of both websites’ production environments in minutes, so the websites remain available even under the most stressful of traffic surges.

Load balancing

The applications will scale without interruption with traditional load balancing in place or equivalent modern approaches that ensure optimal continuity of service.

Support

Availability incident handling

Our hosting solution uses internally developed tooling to collect metrics and to alert us (or your team) if any of these metrics goes out of bounds. When an outage is detected, a point-in-time report is generated. This report is used by the support team to triage the cause of the outage. A dedicated availability monitoring system is configured for every web hosting project ORION implements.

Application performance monitoring

Our hosting platform offers application performance and infrastructure monitoring based on modern technologies that uniquely combine monitoring, profiling, and performance testing. New Relic is also supported for infrastructure monitoring.

Support requests

In the rare scenario where incidents do not fall into the above categories, our clients' staff will have the ability to raise support tickets on an ad-hoc basis.