FAQ | Tag1 D7ES

What is Tag1 D7ES?

Tag1 Drupal 7 Extended Support (D7ES) is a service offering by Tag1 Consulting that enables organizations to continue to securely run, and build on, Drupal 7 beyond its official End-of-Life (EOL) in January 2025. Through Tag1 D7ES, our team of world leading Drupal experts will proactively review and maintain the security of Drupal 7 core and all contributed modules and themes used by our clients, ensuring the continued stability and integrity of their online Drupal 7 applications.

For over 15 years (including pre-release development), the Tag1 team has led the development and maintenance of Drupal 7 on a largely volunteer basis, serving as core maintainers, framework managers, release managers, security team members, and mentors who oversee and manage Drupal’s development. When Drupal 7 reaches its End of Life (EOL), this and all other volunteer community support for the platform will end.

Tag1 D7ES provides commercial-grade support for Drupal 7 after EOL, with our team continuing to oversee and manage Drupal 7, largely on a paid basis. We actively identify and address potential issues before they become incidents, providing you with security and compatibility updates. All updates will be made available under the same open-source license as Drupal itself (GPLv2+) but will only be created for modules in active use by our paying customers.

Why should we trust Tag1?

If you use Drupal, you've already been relying on the Tag1 team. We have been helping to build, manage, secure, and release Drupal for over 20 years.

We are the only organization with experience providing Extended Support for Drupal after End-of-Life, proudly having provided commercial support for Drupal 6 for over six years beyond its EOL. No other D7ES provider can match our security credentials and extensive Drupal experience.

Our Team Led Drupal 7’s Development
Our team boasts the largest concentration of core committers and framework managers, including individuals responsible for the development and architecture of Drupal. This includes one of the Drupal 7 Framework Managers, the D7 release manager, the #1 all-time contributor to Drupal, many subsystem maintainers, and top core contributors. We have a deep understanding of the platform and its evolution.

Leading Drupal Security Experts
Additionally, we have more team members on the Drupal Security team than any other organization except Acquia. Many of the largest organizations using Drupal hire Tag1 to perform security audits of their Drupal systems.

Above all, Tag1 D7ES is about ensuring your systems stay secure. We prioritize security in every solution we deliver, recognizing it as a fundamental aspect of safeguarding your digital assets. Our capabilities are diverse, proven, and reliable, and we've had the privilege of partnering with industry leaders on their Drupal systems, such as Google, Symantec, The White House, and more.

We Run and Manage all of Drupal’s Development and Release Tooling
On behalf of the community and the Drupal Association, we manage and run the tooling used to build Drupal, and QA systems required to test and release versions of Drupal. Our team includes one of the Drupal release managers and the maintainer of Drush, Drupal’s command line interface, which most D7 sites use for automation and release management.

Reputation
Tag1 is one of the oldest and most well-known consulting companies in the Drupal ecosystem. Our history with Drupal dates back to 2001, when it was first introduced.

What does Tag1 D7ES include, and what does it cost?

We offer three convenient plans to fit your organization's needs and budget.
Pricing for all plans is month to month, and no commitment is required. We also offer an annual plan, designed for organizations that require a longer-term commitment from us regarding the availability of our Tag1 D7ES service. You can cancel at any time.

Self-Service Plan: $149.99/site/month
Our self-service plan provides access to security patches for Drupal 7 core, and as well as contrib modules and themes used by your website. To ensure coverage, sign up for our service online and install the tag1_d7es module on your site. When a security issue is identified, you will receive a notification with a patch that needs to be applied.

The self-service plan does not include support. You are required to manage and apply the patches yourself. Sign up for the self-service plan is only available online, pricing is month-to-month, and you can cancel any time.

If you want to monitor and receive updates with alerts for more than one website, you will need to purchase additional licenses for each site you want to monitor. There is no bulk purchasing discount for the self-service plan; however, you can buy one license and freely share the patches with other websites. See “Can I buy one license and share the updates with other websites?”

Premium Support Plan: $1,499.99/site/month
Our premium plan includes everything from our self-service plan with the addition of hands-on assistance from our expert team. We will provide security patches and apply the patches for you (up to 3 hours of support per month, per site). We also answer any questions you may have and can support your team in applying the patches. This plan provides added peace of mind, knowing that our experts are actively involved in maintaining the security of your Drupal 7 site. Sign up for Premium Support online or contact us if you require an invoice.

Our premium plan includes everything from our self-service plan with the addition of comprehensive support from our expert team. We provide security patches and offer flexible assistance tailored to your needs. Whether you prefer hands-on help with patch application (up to 3 hours of support per month, per site), need guidance for your team to apply patches, or want a reliable resource for questions, we have you covered. You can choose the level of assistance that best fits your team's capabilities and preferences. This plan offers peace of mind, knowing our experts are actively involved—how you need them—for the continued security of your Drupal 7 site. Sign up for Premium Support online or contact us if you require an invoice.

To ensure a seamless process, we require that your site meets a few basic requirements.The vast majority of sites should already have these requirements in place (e.g., your code is properly managed with source control, you QA changes prior to release, etc.). See “What are the initial set up and other requirements for Premium Support?”.

If you want to monitor and receive updates with alerts for more than one website, you will need to purchase additional licenses for each site you want to monitor. However, you can buy one license and freely share the patches with other websites. See “Can I buy one license and share the updates with other websites?”

Enterprise Premium Support Plan: Custom pricing for multiple sites (minimum of 3)
Our Enterprise Premium Support Plan is tailored for organizations with multiple Drupal 7 sites that require a high level of support and flexibility. This plan offers all the benefits of our Premium Support Plan, including hands-on assistance from our expert team and up to 3 hours of monthly support per site. Additionally, it offers reduced pricing for managing multiple sites and complex ecosystems, making it an ideal solution for large organizations. Please contact us directly to discuss your specific needs and receive a custom quote.

How do you define what a “site” is for per site pricing?

We consider a "site" to be any individual Drupal installation that has the tag1_d7es module installed. To clarify, here are some examples of what we consider to be a single site or multiple sites:

Different environments for the same website (e.g., dev.example.com, qa.example.com, uat.example.com) are considered part of the same site (i.e., www.example.com) and will only incur one billing charge;
If you are using a Drupal multi-site and install the tag1_d7es module on several of these sites, each of those sites will be billed separately. However, if all sites in your multi-site have the same codebase, you can install the module on only one site and apply patches globally.
If you share a single codebase across multiple sites, you are allowed to install the tag1_d7es module on just one site and commit patches to that shared codebase. This way, all your sites will benefit from our support without incurring additional billing charges;
Generally, each Drupal installation with its own URL and database is considered a separate site and is subject to individual billing charges.

What are the initial set up and other requirements for Premium Support?

To provide you with Premium Support, we require the following:

Your site must be properly managed with source control.
You must have up-to-date and tested database backups.
Your site must have at least two environments (e.g., development and production). Tag1 will not work directly on a live site and will only apply patches to a non-production environment.
To begin using Tag1 D7ES your site must be up to date and running the most recent version of Drupal 7 (the version at the time of EOL).

If you do not yet meet these requirements, Tag1 can assist you in meeting them for an additional one-time fee. See “Can you help me get set up to meet the requirements for Premium Support”

If Tag1 is applying updates, you must complete the following responsibilities:

Perform your own QA testing on the non-production website after the patches are applied and sign off on QA prior to release.
You are responsible for releasing the updates to your production environment after completing the QA and sign-off process.

Can you help me get set up to meet the requirements for Premium Support?

To ensure a seamless process for our Premium Support service, we require that your website meets a few basic requirements (see “What are the initial set up and other requirements for Premium Support?”). We can not support your site until these requirements are met. If you need assistance meeting these requirements, Tag1 can help.

For a fee of $3,000 USD, Tag1 will work with you to complete the set up process which includes working with you to assess your situation, recommending the best path to meeting these requirements, and implementing the necessary changes. This fee includes up to 10 hours of effort, which, in our experience, is sufficient for most sites. However, since every system is unique, if more hours are required, they will be charged on a time and materials basis at $300/hr. We will notify you as soon as possible if it becomes clear that 10 hours will not suffice.

Please note that if you lack the technical requirements (e.g., development/production environments, tested database backups, etc.), the best course of action is often to move to a hosting or platform provider that provides all of these requirements, in many cases for a low monthly fee. Re-homing your site can be managed as part of this setup process. The cost of any hosting fees is not included.

Can I cancel at any time?

Yes, you can cancel your subscription at any time. We offer flexible pricing options to fit your needs, including month-to-month and annual plans.

Our annual plan is designed for organizations that require a longer-term commitment from us regarding the availability of our D7 ES service. This option provides assurance that we will be here to support you for an extended period, but please note that the monthly and yearly pricing are the same. The yearly cost doesn't come with any discounts.

If you decide to cancel your subscription, you won't be charged for any future periods. Your coverage will continue until the end of the period you have already paid for, ensuring a smooth transition. We are committed to your satisfaction, and if for any reason you feel you aren’t getting what you have paid for, we will provide a refund. We are confident in the value our D7 ES program provides, and we want to ensure that you are too.

How will I be notified when updates and patches are available?

Notifications are sent by email. Tag1 D7ES streamlines the update process: you only receive notifications for security updates that are relevant to your codebase. This means you won’t be bothered with notifications about patches for modules and themes you don’t use, and you won’t waste time reviewing every update to determine its applicability to your sites.

When does Drupal 7 reach End of Life?

The official End-of-Life (EOL) date for Drupal 7 is January 5, 2025. After this date, the Drupal project will no longer provide security updates or bug fixes. https://www.drupal.org/psa-2023-06-07

However, Tag1 will continue to provide commercial support for Drupal 7 through our Tag1 D7ES program, ensuring that your site remains secure and up-to-date with modern technology stacks, including supported versions of PHP. We will provide proactive security updates and ongoing support for as long as possible. For customers requiring a longer-term guarantee, we offer annual pricing options.

Billing for these services starts in January 2025. If you sign up prior to January 5, 2025, you will not be billed until January 2025.

There is one exception, if you require our help getting set up to meet the requirements for Premium Support, you will be billed for that set up fee when the work is scheduled to be completed. If you require this service, we strongly recommend that you have these requirements in place asap.

What is your process and timing for releasing vulnerability updates?

We prioritize swift action when it comes to releasing vulnerability updates. If a vulnerability is discovered in a version of Drupal still supported by the community, our goal is to backport the patch on the same day. When we identify vulnerabilities through our proactive reviews and testing, we take a coordinated approach: if the issue affects multiple versions of Drupal, including more modern ones, we synchronize our releases with all affected versions to ensure no one is left vulnerable without a patch.

Additionally, although the public Drupal 7 automated testing system will be discontinued in early January of 2025 at the end of life (EOL), we played a key role in its development and we manage and run it on behalf of the Drupal Association; this uniquely positions us with the knowledge and skills to replace it. We are currently launching a replacement testing system so that all our patches will include comprehensive test coverage and undergo rigorous automated testing to minimize the risk of unexpected regressions.

Do you support uncommon contrib modules and/or themes?

Yes, we do support uncommon contrib modules and/or themes as part of our D7 ES service. However, there are a few conditions to keep in mind:

We only provide updates against the latest release of a module or theme. If you are using an older version, you will need to upgrade to the latest release (you are welcome to backport our patches to older releases, but this is not a service we provide);
Generally, we don't support sandbox-only modules or modules that only ever had a -devel release. However, if you can demonstrate a legitimate reason for using one of these modules, we may make an exception on a case-by-case basis;
We only provide updates for modules and themes that are actively in use by our paying customers.

Does it matter where my Drupal sites are hosted? What environments and hosting platforms do you support?

Our security updates are designed to be portable, meaning they can be applied to any Drupal 7 site regardless of its hosting environment.

However, if you are using our Premium Support Plans, there are specific requirements related to the hosting environment, such as managing your code with version control. To provide hands-on support and ensure a smooth patching process, you must have these basic capabilities in place. Most sites already meet these requirements. If your site does not, the quickest and most cost-effective solution might be to move your site to a new hosting provider. See “What are the initial setup and other requirements for Premium Support?” for more details. This enables us to efficiently work with you to test and apply patches, ensuring the security of your Drupal 7 site.

If you are using our Self-Service Plan, the Premimum Support Plan requirements do not apply.

You can sign up for Tag1 D7ES at any time by filling out the sign up form.

A Tag1 D7ES team member will get in contact with you to answer any questions. Payment details will be collected in Q4 2024. You will also receive a notification when the tag1_d7es module is available, in early Q4 2024, providing you with 3 months to install and test the system.

Process:

Sign up on our website for the self-service or premium subscription plan; contact us if you are interested in learning more about our Enterprise Premium Support Plan.
You will receive a confirmation email.
Download and install the tag1_d7es Drupal module when you are notified in early Q4 2024, or follow the instructions provided to use one of the alternative methods for providing us with your system information.
Install the module on your Drupal 7 website(s), or contact us with the system information provided by one of the alternative methods provided.
You will receive email notifications when patches and updates are available for your site.

We're looking forward to helping you secure your Drupal 7 site!

Do I have to install your tag1_d7es Drupal module?

While installing our tag1_d7es module is the easiest way to get started with Tag1 D7ES, we understand that it may not be feasible for every site.

If you are unable to install our module, don't worry - we have alternatives.

Run a Drush command: We have documented a Drush command that you can run on your site to collect and send us the necessary information manually.

Documentation is available for self-service customers; premium support customers can also use their support hours for guidance and assistance with the process.