This section of the Cloud Platform documentation describes how Cloud Platform works, including information about the Cloud Platform architecture, security, high availability features, and compliance with standards and regulations.
Cloud Platform provides a robust managed solution for mission-critical Drupal applications. Traditional hosting services may provide little more than virtual machines, leaving you with the task of managing and running the infrastructure. With Cloud Platform, you bring your code, files, and data, and Acquia handles the rest. Acquia takes care of developing, deploying, and maintaining a Drupal-optimized cloud-based infrastructure. Cloud Platform provides high-availability elastic cloud resources with configuration management, monitoring, optimization, and caching built in, all backed up by Support and Operations teams which consist of cloud and Drupal experts ready to respond 24x7.
Cloud Platform infrastructure¶
Cloud Platform applications run on Drupal-optimized infrastructure hosted in the Amazon Web Services (AWS) cloud environment. The core of the platform is an open-source LAMP infrastructure stack, combining the Linux (Ubuntu) operating system, Apache infrastructure, MySQL database, and PHP programming language with Drupal. Cloud Platform infrastructure is built on the AWS Elastic Compute Cloud (EC2) and leverages Elastic Block Storage (EBS) and Elastic IPs (EIP).
The Cloud Next version of Cloud Platform, first released in 2021, integrates additional AWS services, such as Amazon’s Elastic Kubernetes Service (EKS), Elastic File Service (EFS), and Aurora Database Services.
Containers in Cloud Platform¶
Cloud Next technologies and several Cloud Platform features are built on containers. Containers are based on a virtualization technology with many advantages over traditional approaches, including virtual machines. Containers are lightweight, so they are faster and more secure. They use packaging, such as images containing an application’s dependencies, to ensure no dependencies are outdated or missing.
A container can run any application, together with its dependencies, in isolation from all other applications on the same infrastructure.
Cloud Platform uses containers for several of its features, including the following:
- Cloud Next
- Cloud Platform CD environments
- Pipelines: Pipelines uses containers to execute builds before their deployment on Cloud Platform.
- Cloud IDE
Configuration¶
The exact configuration of a Cloud Platform application’s infrastructure depends on several factors, including anticipated monthly traffic levels, whether the application is part of Cloud Platform Enterprise (including Site Factory) or Cloud Platform Professional, and whether or not the application’s environments are running on the Cloud Classic version of Cloud Platform or the more advanced Cloud Next version. The following diagram displays an example of a Cloud Platform Enterprise application and how the components interact with one another:
Note
Note
Cloud Platform Enterprise, Cloud Next, and Site Factory always split the High Availability infrastructure across two availability zones.
Important
Important
For applications running on Cloud Next, non-production environments have the same high-availability architecture as production environments.
For comparison, Acquia’s Cloud Classic infrastructure for Cloud Platform Enterprise and Site Factory applications has the following configuration for production environments:
For Cloud Platform Professional applications, as well as Cloud Platform Enterprise and Site Factory non-production environments, Acquia’s Cloud Classic infrastructure has the following configuration:
As indicated in the previous diagrams, Cloud Platform Enterprise and Cloud Platform Professional applications each have the following main components:
- Cloud Platform CDN (optional) for global cached content delivery (Fastly)
- Regional reverse proxy caching and load balancing infrastructure (Nginx and Varnish®) with TLS (SSL) termination
- Application layer infrastructure (Apache, PHP, Drupal code, cron, SSH and Memcached)
- File system infrastructure
- Cloud Classic: Redhat Gluster
- Cloud Next: AWS EFS
- Database infrastructure
- Cloud Classic: Percona MySQL
- Cloud Next: AWS Aurora
For more information, see Cloud Platform technology platform and supported software.
Note
Note
Customers with the Enterprise Security Package also have dedicated infrastructure at the edge layer as part of their configuration. For more information, see Enterprise Security Package.
Compared to Cloud Platform Professional, Cloud Platform Enterprise provides more features for high availability, including redundant infrastructure at each level of the stack and greater levels of support, including unlimited application support and an operations team available 24x7 to remotely administer your applications and manage your infrastructure on demand. For more information, see Comparing Cloud Platform hosting environments.
Software isolation enhancements on Cloud Next¶
Cloud Next leverages containerization to optimize resource isolation and resiliency while improving infrastructure security. As a result, services that typically operated on the same infrastructure on previous versions of the Cloud Platform now run in dedicated pods, even on non-production environments. Each environment is isolated from other environments in the same application. In other words, each environment has its own set of isolated pods.
On Cloud Next, application services are assigned to dedicated pods as follows:
- Drupal (Apache, PHP)
- SSH Sessions
- Cron Jobs
- Memcached
- Cloud Hooks
This level of resource isolation ensures that the key services associated with delivering your Drupal application can utilize the cloud capacity they require without adversely impacting each other, even during periods of increased activity.
AWS infrastructure regions¶
Cloud Platform is built on Amazon Web Services (AWS) infrastructure, which is physically remote from Acquia’s offices. The AWS environment consists of major regions and Availability Zones. Cloud Platform customers may choose the geographic region for their application’s location. Cloud Platform supports the following zones:
- US (East and West)
- Canada (Central)
- Europe (Frankfurt, Ireland, and London)
- Asia Pacific (Tokyo, Singapore, and Sydney)
- South America (São Paulo)
Cloud Platform applications are only available in a subset of the above regions.
Virtual Private Cloud¶
Applications hosted by Cloud Platform are isolated using several security controls, but internal traffic travels over the same network inside Acquia’s shared virtual private cloud (VPC).
For subscribers interested in additional security, Acquia offers the following options:
- Compliant VPC: Applications are deployed on a separate, shared network that is limited to subscribers requiring PCI, HIPAA, or PII compliance. For more information, see Compliance with standards and regulations.
- Dedicated VPC: Applications are deployed on an isolated network environment, which can be used to connect to your virtual private network (VPN) device or Amazon Web Services Virtual Private Cloud (AWS VPC). For more information, see Shield.
Note for subscribers with Shield and other Acquia Products
Note for subscribers with Shield and other Acquia Products
Although you can access Acquia Search, Cloud IDEs, Pipelines, CD environments, Marketing Cloud products, and more from inside a dedicated VPC, none of these products or services exist inside of your dedicated VPC. Subscribers with strict compliance requirements must not send production data to products or services that have not received compliance certifications.
