Upsun Fixed User Documentation

Security and monitoring


We use a combination of three trusted methods to ensure your site is secure and running at all times: 

Security is handled in a similar way for both Dedicated Gen 2 and Dedicated Gen 3 projects, with strict procedures that are followed to handle incidents.

Project isolation

All Dedicated clusters are single-tenant. The three hosts are exclusively used by a single customer and each cluster is launched into its own isolated network (VPC on AWS, equivalent on other providers). The network is behind a firewall for incoming connections. Only ports 22 (SSH), 80 (HTTP), 443 (HTTPS), and 2221 (SFTP) are open to incoming traffic.

There are no exceptions to this rule, so any incoming web service requests, ETL jobs, or other traffic must use one of these protocols. Outgoing TCP traffic isn’t behind a firewall. Outgoing UDP traffic is disallowed. For containers to be allowed to connect to each other, the following requirements must be met:

  • The containers must live in the same environment
  • You need to define an explicit relationship between the containers in your app configuration

All Dedicated projects are isolated and their data is fully encrypted. Should a security breach occur, Upsun follows a strict security incident handling procedure to deal with the issue as promptly and efficiently as possible.
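To confirm that a cluster's inbound exposure matches the four ports listed above, you can probe it from outside and compare the result with that allow-list. The following is an added example, not Upsun code; the function names `tcp_port_open` and `audit_ingress` are hypothetical, and the demo uses a constructed loopback listener instead of a real cluster.

```python
import socket

# Inbound ports the page lists as open on a Dedicated cluster.
DOCUMENTED_INGRESS = {22: "SSH", 80: "HTTP", 443: "HTTPS", 2221: "SFTP"}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name resolution failed
        return False


def audit_ingress(host, ports, allowed=DOCUMENTED_INGRESS, timeout=2.0):
    """Probe each port once and compare the result with the allow-list.

    unexpected_open: reachable ports that are not on the allow-list.
    expected_closed: allow-listed ports that did not accept a connection.
    """
    report = {"unexpected_open": [], "expected_closed": []}
    for port in sorted(set(ports)):
        reachable = tcp_port_open(host, port, timeout)
        if reachable and port not in allowed:
            report["unexpected_open"].append(port)
        elif not reachable and port in allowed:
            report["expected_closed"].append(port)
    return report


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for a service that was
    # exposed by mistake, so the script runs offline. For a real check, pass
    # your own cluster's hostname and the ports your services listen on.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    stray_port = listener.getsockname()[1]
    print(audit_ingress("127.0.0.1", [stray_port], timeout=1.0))
    listener.close()
```

An empty `unexpected_open` list means nothing outside the documented allow-list answered; entries in `expected_closed` usually mean the corresponding service is not running or the probe was run from a network that filters that port.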

Encryption

All sites and tools supported and maintained by Upsun are fully encrypted by default.

For more information about Encryption at Upsun, visit the Upsun Trust Center.

Performance monitoring

All of our Dedicated clusters are monitored 24/7 to ensure uptime and to measure server metrics such as available disk space, memory and disk usage, and several dozen other metrics that give us a complete picture of the health of your application’s infrastructure.

As soon as a metric goes out of bounds (i.e., an outage is detected), Support and Operations teams are alerted, a Point in Time report is generated, and the Upsun teams can triage the cause of the outage.

Automated monitoring

On top of internal Upsun Fixed tools, a third-party availability monitoring system is configured for every Dedicated project. This further guarantees that issues are spotted and addressed as quickly as possible. If you’re using a CDN, make sure it’s configured to support automated monitoring and to guarantee a high SLA.

Automated monitoring is used to keep an eye on your production environment at all times. If automated monitoring triggers an alert, or if a customer files an urgent priority ticket, an on-call engineer is immediately paged so they can respond and begin to triage the issue. Cloud infrastructure issues are handled by the Upsun Customer Success team. Note that application problems are returned to the user and may be downgraded.

Observability services

As the official, in-house Upsun Fixed observability tool, Blackfire provides unparalleled monitoring, profiling, and performance testing technologies. Using Blackfire on Upsun Fixed enhances your experience and allows you to enjoy greater support as well as unique upcoming features.

As an Enterprise or Elite customer, you can use the Upsun Observability feature, which offers application performance monitoring by Blackfire packaged with infrastructure monitoring. The Observability feature includes all Blackfire features, support, and usage that scales with your needs.

Upsun Fixed also supports third-party observability services such as New Relic and Tideways. You need to get your own license for them. These third-party services have their own associated cost, are language-specific, and may not be available for all languages.