To setup a website on the Common Web Platform, select from a small, medium or large instance, and within three working days everything is ready for development to begin.

An agency can buy one or more 'Instances' of the Common Web Platform (CWP). Instances come in three sizes, with different technical profiles. Whether you require a small, medium or large instance depends on the size of your website and how many people visit your website. If the standard sizes don't fit an agency's needs, a custom instance can be agreed.

Instance Sizes

SizeSmallMediumLargeAdditional Dev/Test Environments
Daily Page Views 10,000 100,000 750,000 5,000
Disk Space 20 GB 40 GB 80 GB 20 GB
Daily Traffic 2 GB 15 GB 25 GB 1 GB
Max Pages in CMS 5,000 25,000 1,000,000 5,000
Co-funded development pool hours 2 4 6 0

Above specfications were last updated and were changed on 31 March 2015.

Full details of instances and pricing is found in the CWP cost and instance specifications summary (available to agencies). Architectural details are publicly available.

A CWP instance provides:

  • The ability for one or multiple websites to be managed
  • Managed Hosting with Service Levels and 24/7 support
  • Two separate hosting environments, one for your production website, and another for testing ('UAT'). Each environment is near-identical in terms of configuration
  • A specific set amount of computer power and internet traffic
  • Access to other systems, providing search tools, code repository, and logging
  • Proactive upgrades & Patches
  • Backups of your website production environment, taken daily, encrypted, held offsite, and held for 7 years
  • Security protection and content delivery performance via a layer-7 web application firewall (WAF) and content delivery network (CDN) powered by Incapsula
  • Contribution to the co-funded development pool

Disaster recovery options

In the case of a major disaster like an earthquake, taking the data centre offline, CWP has been designed to quickly respond and recover to another location in New Zealand. Depending on the importance of your websites, you can pay for three different recovery times as follows:

1. Backup-only

Cost: Production environment is bundled with the service. Backup of UAT and development/testing environments is optional, and costs a small additional monthly fee.

How it works: Based on a daily backup taken of your website. Stored offsite. Data changes since the last backup could be lost.

Recovery time: Sites will be restored, but no service level or guarantee is provided on time taken to recover.

2. Passive Disaster Recovery

Cost: Small extra monthly fee.

How it works: A copy of your site is continuously mirrored from the primary to the secondary data center, reducing potential data loss and increasing speed of recovery. However, some effort is still needed to restore the site: "booting" of virtual machines and networking changes at the secondary data-centre. Available for the production environment (but not UAT or additional test/UAT environments).

Recovery time: 20 hours (Contracted Service Level).

3.  Active Disaster Recovery (Geographic Load Balancing)

Diagram showing four items, load balancer, Auckland, Wellington, Christchurch

Cost: Larger extra monthly fee. Further fee if UAT environment protected (recommended).

How it works: The Environment (CMS application, files, database) will be actively replicated between the primary (Wellington) and disaster recovery (Auckland) data centre. Website traffic will be served jointly from both data centres, using a geographic load balancer provided by Incapsula. Where a failure occurs at either one of the two data centres, the system shall automatically react and promptly serve traffic only from the operational data centre, reducing the potential for a website outage. A third node (Christchurch) acts as a "witness", communicating with the databases in Auckland and Wellington on whether they should operate or not. (This enables what is known as a master-master database configuration). Should the geographic load balancer component fail, it is designed to automatically operate from another location, such as Sydney.

If Active DR is selected, it should (but is not required to) be used for the UAT environment as well. This enables agencies to accurately test performance, and locate issues otherwise only reproducible on a production environment. Without this, agencies might write code that works in a single-server configuration on UAT but then fails when deployed to the multiple-server configuration in production, thus creating a website outage. Having Active DR in UAT also enables development and deployment to occur more quickly following a failure of the primary data centre.

(Prior to 30 June 2014, Active DR worked differently: A copy of your site was continuously mirrored to a running server in another city; a manual DNS change was needed to restore the site)

Recovery time: 4 hours (Contracted Service Level), however the automatic nature of load balancing is designed to operate within a much shorter timeframe (usually minutes).

Other optional add-ons

Additional dev/test environments

Agencies can purchase one or more further environments for various testing uses. These can have no backup, backup, or Active DR, as options.

Virtual Private Networking (VPN) Endpoint

CWP can be used to run intranets, and can support websites requiring secure access into other networks. For example to integrate into back-office systems holding important data. Agencies may use Virtual Private Networking (VPN) to provide a high level of security to enable these scenarios. In technical terms, the VPN End Point:

  1. Provides configuration to place the Environments of an Instance in a secure network container (VLAN), creating additional isolation from other Instances on CWP.
  2. Creates a VPN End Point in the form of an opening in the CWP firewall and provides services enabling communication to another End Point using a standard VPN protocol (IPSec). 
  3. Provides network engineer time to work with the Participating Agency to determine correct network configuration and establish the VPN connection, including whether web traffic on the Instance is accessible exclusively through the VPN (creating an Intranet) or accessible publicly but with certain network routes configured to utilise the VPN (creating a website with API access into a remote network).
  4. For clarity, does not provide underlying network connectivity between the two End Points, or any hardware or software to the agency. Agencies will still need to pay for and use the public internet or a dedicated pipe to connect between the End Points, and will need an IPSec compatible device to establish a VPN with the CWP End Point

A VPN End Point is provided for a set upfront and ongoing monthly fee. Note that where an instance uses Active DR, a second End Point is provided for redundancy over two data centres, and will cost double.

Web Application Firewall (WAF)

Standard Service:

Diagram showing WAF protecting website from malicious traffic.A Web Application Firewall (WAF) comes standard with all Instances, bundled into the price of the Instance. This mitigates DDoS and malicious web traffic as shown by the by the diagram on the right. For an overview, watch a two minute video about Incapsula, used to provide this service.

Incapsula uses an intelligent automated rule-based system for detecting and preventing attacks and intrusions. The service is continuously updated to detect and automatically mitigate new attacks, much like a virus scanner gets regularly updated databases of signatures to detect. 

Some Security incidents require human intervention to mitigate. These are only assessed and mitigated where they are discovered and raised by SilverStripe or an agency as a Priority Level 1 incident. Where automated detection is insufficient, an agency may wish to consider adding the Premium Managed Service.

Content Delivery Network (CDN)

Incapsula enables websites to be configured and architected to support extremely high traffic levels. Public pages and files can be cached and delivered via a global network of nodes that includes Auckland, and which enables hundreds of page requests per second. Website visitors retrieve their content from the node detected to be closest to them to reduce network latency and increase website performance. We recommend that you work with CWP team so that bandwidth, security, and architectural issues are well managed. See also: technical CDN configuration details.

Optional Premium Managed Service:

An additional monthly fee provides agencies with:

  1. Access to a web-based dash-board with realtime reporting and configuration options, providing increased visibility into malicious activity directed to a website. See example report screenshot or detailed interactive demo at
  2. Automated email contact 24/7 in the case of incidents.
  3. Proactive assessment of all security incidents, including those that require human intervention as they were not automatically mitigated by the Web Application Firewall.