Summary

  • Asten Cloud is an operating French cloud and hosting company in the public record: the French enterprise search service lists ASTEN CLOUD as an active Gouesnou company in computer facilities management, Asten's own site describes two datacenters in the Brest region, and RIPE records show ASTEN CLOUD SAS holding autonomous-system resources.
  • The strongest physical evidence is first-party but concrete. Asten says its private cloud rests on two French datacenters, 300 square metres of clean-room hosting space, more than 1,000 hosted physical and virtual servers, and a housing offer with 48 racks, redundant power and cooling, telecom-operator choice, controlled access and 24/7 site access.
  • The routing picture is mixed rather than weak. AS199727, held as ASTEN CLOUD SAS, is currently visible through RIPEstat with seven IPv4 /24 announcements and one IPv6 /31, while AS206308, the ASN named "asten-cloud-bretagne," is registered but not announced. The public network signal therefore supports current Asten operation, but not a simple claim that the Bretagne-named ASN itself carries customer traffic.
  • Backup and recovery are more than a marketing footnote here. Asten describes Commvault-based backup across two French datacenters, long retention, optional tape through a robot in one datacenter, periodic restore tests, business-impact analysis and a formal recovery plan service. Those claims reduce some customer risk, but they do not publish workload-level RTO, RPO, failover-test results or the capacity left after a datacenter loss.
  • The evidence grade is medium. Legal registration, certification pages, live routing and detailed service pages make the company materially verifiable, but the public record still does not expose exact facility addresses, actual rack occupancy, carrier path separation, generator runtime, customer distribution, support staffing depth or measured recovery outcomes.

The company is visible, but the asset is still local

The useful way to read asten-cloud-bretagne ASTEN CLOUD SAS is not as a hyperscale platform with abstract regions. It is a regional French hosting operator whose public value proposition is precisely that customer systems remain close to Brittany, French law and Asten's support desks. The French enterprise search service identifies ASTEN CLOUD under SIREN 323789990, with an active head office in Gouesnou and an activity code for computer facilities management. The registry signal matters because a cloud-service page without a legal anchor can be little more than a sales front. Here, the company has a registered operating presence that matches the Brittany cloud story.

Asten's own cloud page is unusually physical for a cloud offer. It says Asten Cloud hosts data on its own infrastructure in France, specifically Brittany, and describes two sovereign datacenters in the Brest region, 300 square metres of clean-room hosting space and more than 1,000 physical and virtual servers hosted. It also presents the service as a private certified cloud rather than a resale wrapper around a foreign public cloud. That is not proof of every customer workload, but it is a concrete asset claim: rooms, racks, servers and operational staff must exist behind the service catalogue.

The company's history page helps explain how that footprint developed. Asten says the group was founded in 1995, bought STTG in 2008, became owner of its first datacenter, created the WhiteBox shelter datacenter in 2013, bought a new Brest datacenter in 2018 for colocation, gained ISO 27001 certification in 2019, obtained HDS certification in 2020 and became a telecom operator the same year. It also gives scale indicators: two datacenters in Brittany, about 140 experts, 350 customers and EUR16.5 million in revenue. Those numbers are first-party claims, so they should not be treated as audited capacity utilization, but they make the company far less opaque than a shell listing.

The service area is national in sales language and regional in infrastructure logic. Asten says its expertise is deployed across France and beyond, but its hosting argument is anchored in French datacenters in Finistere. The hosting page describes two French datacenters based in Finistere and frames the offer as sovereign hosting for data that should remain under French and European jurisdiction. For a customer in Brittany, a nearby operator can shorten the escalation path and make site visits more plausible. For a customer outside the region, locality still matters, but the dependency shifts toward wide-area links, remote support and the resilience of Asten's transit and customer access paths.

That geography is the first operating constraint. Asten can sell cloud capacity as a service, but its supply is tied to a finite regional asset base. Two datacenters can be a meaningful resilience design if they are physically, electrically and operationally independent enough. They can also be a shared-fate cluster if both sites depend on the same carrier corridor, maintenance team, fuel supply, change schedule or vendor stock. Public pages prove that Asten markets two sites; they do not publish a site-to-site fault tree.

Racks turn the cloud claim into a capacity test

The most specific public capacity page is Asten's housing offer. It says customers can place physical servers in secure datacenters, choose between thirds of a rack and full racks, use racks measuring 800 by 1200 millimetres with 48U each, and draw included power at 1 kVA or 3 kVA depending on the option. It also states that the datacenter has 48 racks, secured and redundant electrical supply of 175 kVA, redundant cooling, biometric access, digicodes, locks, fire detection and extinguishing, 24/7 surveillance and customer access around the clock. Those details are exactly the kind of facts that turn "hosted capacity" into something testable.

They also show why installed capacity and usable capacity are different. Forty-eight racks is a floor-space measure. One hundred seventy-five kVA is an electrical-capacity measure. Three hundred square metres is a room measure. More than 1,000 hosted servers is an inventory or service-scale claim. None of those figures alone tells a customer how much spare capacity remains today, how much of the power plant is committed, how much cooling headroom is reserved, or what happens if one site is unavailable and surviving capacity must absorb protected workloads. A rack can be present but full.

A UPS can be installed but constrained by battery runtime. A second datacenter can exist but lack enough cold spare compute to take every customer workload at once.

The housing page says the datacenter is open to different telecom operators. That is good language for customer choice, because a single carrier edge can become the hidden common point in an otherwise redundant hosting design. Yet "open to different operators" is not the same as naming active carriers, diverse entrances, separated ducts, independent meet-me rooms or tested failover.

The assignment's core physical dependency is exactly here: a customer can outsource servers to Asten and still remain exposed to rack availability, cross-connect lead time, operator maintenance, router failure and the practical repair window for a failed port.

Asten's hosting portfolio spans housing, shared hosting, HDS hosting, application hosting and container hosting. That breadth suggests more than one operating pattern. A housing customer may own servers and ask Asten to provide space, power, cooling, security and network access. A shared hosting customer may consume virtual servers on Asten-owned infrastructure. A software publisher may depend on Asten for both hosting and managed operations. A container customer may care more about platform orchestration and registry availability than physical rack layout. The same datacenter outage or carrier fault affects each customer differently because responsibility is divided differently at each layer.

The central economic tension is that Asten sells the relief from building a private computer room, but it must finance the shared room that replaces many customer rooms. That is a classic hosting-economics trade: customers avoid capital spending, compliance work and local power/cooling worries, while the provider concentrates enough demand to run secure rooms, staffed operations and redundant systems. The provider then has to avoid overselling scarce resources.

The public evidence lets a buyer ask sharp questions, but it does not answer them fully: current rack fill, committed versus burst power, cooling redundancy under peak outside-air conditions, spare server stock, lead times for replacement hardware and the price of maintaining empty recovery capacity are not published.

Certification narrows the promise, but does not remove the machinery

Asten leans heavily on certification, and the public pages make the scope clearer than a badge alone would. The certifications page says Asten Cloud is ISO 27001 certified for hosting, managed services and user support. It also describes HDS certification for both physical-infrastructure hosting and managed hosting activities, including the six HDS activity areas that cover physical sites, hardware infrastructure, virtual infrastructure, application platforms, administration/exploitation and externalized backups. The HDS hosting page repeats the six-domain framing and says the service is aimed at health and medico-social customers and software publishers.

That is important because HDS is not just a slogan about security. It ties the hosting claim to sensitive workloads where location, access control, traceability, administration and backup matter. Asten's HDS page says its health-data hosting avoids transfers of personal health data outside the European Economic Area. In customer terms, this is a locality promise layered on top of facility operation: the data should sit in French datacenters, under European legal protection, managed by certified processes, and backed up through controlled services. If any of those layers drifts, the service value changes.

Certification, however, does not make capacity infinite or outages impossible. ISO 27001 indicates an information-security management system. HDS indicates conformity for health-data hosting activities. Neither page publishes per-customer recovery time, the number of engineers on call, the mean time to replace a failed storage shelf, the maintenance calendar for shared switches, or the actual geographic distance and carrier path separation between the two datacenters. Certification reduces the risk of improvisation; it does not erase the physical dependency on power, cooling, hardware, people and links.

The public-sector offer adds another demand signal. Asten's page for collectivities and public establishments says the group was selected for the regional Brittany lot of the CANUT cloud and hosting framework. It presents colocation, shared hosting, managed hosting, backup, connectivity and telephony for public entities. This matters because public-sector customers often bring formal procurement, continuity requirements and data-sovereignty preferences. It also raises the cost of a weak recovery design: an outage might affect a municipality, school, public body or local service provider, not just a private test environment.

The right conclusion is therefore neither cynicism nor credulity. Asten's certifications and public-sector positioning are meaningful, evidence-led signals of a serious operating posture. They justify a higher confidence level than would be appropriate for a one-page reseller. But they are not a substitute for customer due diligence. The buyer still needs the scope statement, certificate validity dates, excluded services, subcontractor list, backup location, incident-notification process and evidence that the contracted workload sits inside the certified boundary.

Routing evidence separates Asten operation from the Bretagne ASN

The network record has an odd but useful distinction. The ASN named for the assignment, AS206308, is registered in RIPE as asten-cloud-bretagne ASTEN CLOUD SAS. The holder information connects it to ASTEN CLOUD SAS and addresses in Gouesnou and the Brest area. Yet the RIPEstat overview for AS206308 marks it as not announced, and the routing-status view shows no visible IPv4 or IPv6 prefixes and no observed neighbours at the research cut-off. That does not mean Asten Cloud is offline. It means the Bretagne-named ASN is not the public route carrier in the available routing evidence.

The live routing evidence points instead to AS199727. RIPE RDAP lists AS199727 as "asten-cloud-idf" under ASTEN CLOUD SAS, and the RIPEstat AS overview marks it announced. Its routing-status result shows full IPv4 visibility across RIPE RIS peers and substantial IPv6 visibility. The announced-prefixes result shows seven IPv4 /24s and one IPv6 /31 visible in the current observation window, while ASN-neighbour data shows two observed neighbours: AS174 and AS12645.

Those two facts have to be held together. On one side, Asten has live routed infrastructure. On the other, the ASN whose name contains "bretagne" is quiet. A simple article could collapse that distinction and say "Asten Cloud has an ASN." A better infrastructure reading asks why the named regional ASN is registered but not visible, whether it is reserved for a design that is not currently used, whether customer traffic sits behind AS199727, and whether the two-ASN arrangement reflects site, legacy, product or traffic-engineering choices. Public route collectors do not answer that question.

The prefix names also hint at service functions without proving customer placement. RIPE RDAP identifies 185.189.172.0/24 as "HEBERGEMENT", 185.189.173.0/24 as "HEBERGEMENT_SEC2", 185.189.174.0/24 as "HEBERGEMENT_SEC", 185.37.43.0/24 as "HEBEGEMENT-SEC", 185.37.41.0/24 as "K8S", and 185.37.42.0/24 as "HORS-VDOM-INTERNET". These labels are useful public clues: hosting, secure hosting and Kubernetes-like naming appear in Asten-controlled address space. They do not reveal the data hall, customer tenant, VLAN, firewall zone or resilience level behind any particular IP.

The route-dependency risk is therefore not whether Asten can be seen on the internet. It can. The risk is whether customers know the actual upstream, path and failover arrangement used by their workload. Two observed routing neighbours are better than one, but BGP neighbour diversity is not the same as fibre-path diversity. Two sessions can still share a duct, a building entry, a router, a maintenance window or a commercial dependency.

A high-availability customer should ask for carrier names, handoff locations, route diversity, failover policy, maintenance-notice periods, DDoS handling, RPKI/IRR posture and evidence from a recent failover exercise.

Backup reduces data-loss risk, but recovery still has a clock

Asten's backup and recovery page is one of the stronger pages in the evidence set because it names both mechanism and failure thinking. It says Asten Backup uses Commvault, stores backups in two French datacenters, offers long customizable retention, can add tape backup through a robot in one datacenter, and uses disconnected or isolated backup concepts to resist cyberattack. It also says the offer includes periodic restore tests in an isolated environment, recovery-plan services, business-impact analysis and a written recovery plan led by security expertise.

That is a good starting point for the redundancy task. Backup is not merely another storage volume beside production; Asten describes multiple media, off-site logic, restore testing and recovery planning. The optional tape layer is especially relevant for ransomware because an online replica can faithfully replicate corruption, encryption or deletion. Long retention helps when compromise is discovered weeks or months after first intrusion. Restore testing matters because a backup that cannot be restored is not a recovery capability.

The remaining gap is the service clock. The page does not publish default RPO or RTO targets for each workload class. It does not state how many simultaneous customer restores can run during a regional incident, how backup traffic is rate-limited, whether backup repositories share the same storage vendor as production, or whether the tape robot protects all customers or only those buying an option. It also does not explain how a restore is prioritized if many customers call during the same outage.

A customer may believe "backup in two datacenters" means rapid continuity; the real result depends on contract scope, automation, network throughput, clean-room capacity, staff availability and application dependencies.

The difference between data protection and service continuity is easy to miss. If a physical server fails, a backup may restore the data but not the exact compute environment, license state, firewall rule, DNS setting or application dependency. If one datacenter becomes unavailable, a second-site backup can preserve data but still require compute, storage, IP reachability and application sequencing before users return. If a cyberattack compromises identity systems, backup data may exist but privileged access and trust decisions become the bottleneck. A resilient recovery plan has to choreograph people and dependencies, not just copy blocks.

Asten's service catalogue acknowledges some of this by pairing backup with managed services and recovery planning. The buyer's verification task is to turn the catalogue into evidence: last successful restore-test date, tested workload list, measured restore duration, dependency map, authentication recovery, network cutover steps, post-restore validation, and a named decision-maker for emergency declaration. The public page supports the claim that recovery is part of Asten's offer. It does not let outsiders calculate how fast any particular customer returns.

Support labour is a capacity resource too

Cloud failures are often described as technical events, but repair is carried out by people. Asten's managed-services page says its offer can cover customer infrastructure on site, in Asten's datacenter or on shared platforms. It describes supervision systems, continuous monitoring, real-time alerts, correction of alerts, security updates and emergency patches for critical vulnerabilities. It also says the service can combine on-site support with externalized resources hosted on Asten's servers. This is the operating layer that turns a server room into a managed service.

The support-contract page adds a more mundane but important detail: requests outside a managed-services scope can be handled through a point-based support contract, with level 1 technicians escalating to level 2 and 3 engineers and experts. That matters in a failure path because not every outage begins inside Asten's core. A customer's application change, certificate expiry, firewall request, minor configuration task or hardware intervention may sit at the boundary between included operations and paid support. If that boundary is unclear during an outage, repair slows down.

Support labour has the same utilization problem as racks. Asten's history page says the group has around 140 experts, but the public record does not break that down by cloud operations, security, field work, help desk, application specialists, managers or administrative functions. A normal day may have enough staff for alerts, planned changes and customer tickets. A simultaneous incident across hosting, backup, network and customer systems may consume specialists faster than the datacenter consumes power.

Customers should therefore treat support as a contracted resource. The question is not just "is support available?" It is whether the contract defines response times, escalation triggers, severity levels, on-call coverage, change freezes, emergency maintenance windows, customer responsibilities and the right to request evidence after an incident. Asten's public pages support an expectation of managed operations and multi-level support. They do not publish the exact queue depth or staffing plan behind that expectation.

This is especially important for public bodies and health-linked workloads. Asten's HDS page describes 24/7 surveillance and rapid intervention for health-data environments. A municipality or healthcare software publisher may need more than a ticket response; it may need a documented incident bridge, priority restoration order, privacy notification support and proof that data remains within the approved hosting perimeter during emergency work. The public marketing language points in that direction, but only the contract and runbooks would show whether it is operationally enforceable.

Sovereignty is an operating boundary, not a decorative label

Asten's strongest market claim is locality. The main cloud page says data is hosted on Asten's own infrastructure in France, in Brittany, with no American cloud and no subcontracting in that cloud claim. The hosting page says the cloud is sovereign and under French and European law. The HDS page says health data is not transferred outside the European Economic Area. The public-sector page pitches the same logic to Brittany's public establishments. These claims make data sovereignty and locality one of the correct controlled topics for the article.

But sovereignty is not the same thing as simplicity. A local cloud still has hardware suppliers, software vendors, telecom operators, backup technologies, security products and customer access networks. Asten's managed-services page says that, for SecNumCloud requirements, it relies on OUTSCALE, a Dassault Systemes brand, in a hybrid sovereign approach. That may be a sensible design for customers that require a qualified sovereign cloud option.

It also means a buyer must ask which workloads run in Asten's own Breton datacenters, which run in an OUTSCALE environment, which data moves between them, and which contractual controls apply at each point.

This distinction is not a criticism; it is the practical definition of locality. If a customer buys ordinary hosting, the expected asset may be Asten's Brest-region infrastructure. If a customer buys a hybrid sovereign service, the asset boundary may include Asten-managed customer premises, Asten datacenters and OUTSCALE resources. If a customer buys backup for Microsoft 365 data, the production service may remain in Microsoft's environment while backups land in Asten's French datacenters. The word "souverain" cannot be evaluated until the actual service path is drawn.

The same is true of legal jurisdiction. Data stored in France under French and European rules is a meaningful protection, but operational access still depends on administrators, support vendors, monitoring systems, encryption key management and emergency procedures. Asten's HDS and ISO pages support the view that these processes are managed under formal security frameworks. They do not show which logs are retained, where keys are held, how customer administrators are authenticated, or how cross-border vendor support is restricted.

A good customer review should therefore treat sovereignty as a set of practical proof points rather than a slogan. Where is production data stored? Where are backups stored? Where are monitoring logs stored? Who can access each layer? Are encryption keys customer-controlled, provider-controlled or shared? What happens when hardware is returned, repaired or destroyed? Which subcontractors can touch data or metadata? The public evidence makes Asten a credible local provider; the contract must still prove that the customer's actual workload follows the local path.

Failure paths converge on five practical bottlenecks

The first failure path is a rack or hardware-stock problem. Housing customers may own equipment, but Asten still provides the room, rack, power, cooling, access and possibly hands-on intervention. A shared-hosting customer depends more directly on Asten's server inventory and replacement stock. The housing page's 48-rack figure gives a visible capacity boundary. A hardware failure at one customer server is narrow; a cooling, power distribution, storage-array or shared-switch fault can broaden quickly. Recovery depends on spare parts, vendor support, remote-hands availability and the customer's ability to approve changes.

The second failure path is power. The housing page says the datacenter has secured, UPS-backed and redundant electrical supply of 175 kVA, with generators behind the transition. That language supports a power-resilience claim at the facility level. It does not publish battery runtime, generator fuel autonomy, maintenance schedule, load-test results, power chain topology or how much headroom remains when racks are loaded. If Asten sells both production and recovery hosting in the same power envelope, available headroom after a site fault becomes an economic and technical question.

The third failure path is upstream or route failure. RIPEstat sees AS199727 as active and AS206308 as inactive. If customer traffic relies on AS199727, its upstream diversity and physical paths matter. If some product uses a carrier handoff that is not visible in public BGP, customer due diligence has to move beyond ASN pages. A visible prefix can disappear because of a router failure, route-policy error, maintenance, DDoS mitigation problem, carrier outage or commercial dispute. A cloud customer feels all of those as application downtime even if every server remains healthy.

The fourth failure path is support escalation. Asten describes monitoring, alert correction, security patches and support levels. During a major event, the bottleneck may be the number of specialists who can safely touch firewalls, hypervisors, storage, backups, DNS, identity and customer applications. If public-sector or health customers receive priority, the priority order should be explicit. If a point-based support contract covers out-of-scope work, the emergency policy should say whether point accounting pauses during incidents or continues as usual.

The fifth failure path is migration and portability. Asten's value proposition asks customers to move data and systems into its datacenters or managed environments. Leaving later may require exporting virtual machines, databases, backups, firewall rules, DNS zones, application secrets, monitoring history and access documentation. Asten's public pages emphasize protection, continuity and French location. They do not publish standard exit formats, bulk-export fees, migration lead times or support for emergency repatriation. A customer should settle those questions before a provider-contract failure, not during one.

Who is affected when this system fails

The affected parties are broader than the word "customer" implies. A housing customer may be a local company that placed its own servers in Asten racks to avoid running a private room. A shared-hosting customer may be a small or medium-sized business whose accounting, ordering, identity or collaboration systems run on Asten-managed servers. A software publisher may use Asten's hosting to serve its own clients, turning an Asten incident into a downstream application outage. A public body using the CANUT-linked offer may depend on Asten for citizen-facing or administrative services.

A health or medico-social actor using HDS hosting may have patient-data availability and confidentiality obligations.

The impact also differs by failure type. A short carrier flap may break web access without damaging data. A storage fault may leave applications online but inconsistent. A backup failure may be invisible until a restore is needed. A support backlog may turn a manageable incident into an extended outage. A facility maintenance window may be acceptable for batch systems but unacceptable for a public-service portal, a clinic scheduling system or a retailer during peak hours.

The strongest customer posture is to map dependencies before signing or renewing. Which services are production-critical? Which run in Asten datacenters, customer premises or a hybrid environment? Which are backed up to the second datacenter? Which have tested restores? Which require fixed IP addresses, VPNs, firewall rules or DNS changes during recovery? Which users will call Asten directly, and which must call the customer's own service desk? These questions sound procedural, but they decide whether a recovery promise becomes a usable plan.

Asten's public evidence is detailed enough to let customers ask those questions with precision. A vague cloud provider can deflect with abstractions. Asten has published enough about racks, datacenters, backup, HDS scope, support and routing for buyers to test the claim. The missing pieces are not signs that the service is unserious; they are the private operational details a serious buyer should request.

The buyer's test is a dependency map

The most useful customer exercise is to turn Asten's public claims into a dependency map for the specific system being moved or protected. Start with the business service, not with the virtual machine. A municipal portal may depend on a web front end, a content store, identity, DNS, mail, a payment connector and a help-desk contact. A healthcare application may depend on HDS hosting, encrypted backups, identity federation, audit logs, VPN access and a vendor that can support the application after Asten restores the base platform.

A retailer may depend on a point-of-sale database, a stock system, payment terminals, internet access from stores and nightly integrations. Each service has a different break point.

For each dependency, the buyer should ask whether Asten owns the layer, manages it, merely houses it, or has no control over it. That distinction is central to the article's title. Hosted capacity can fail because Asten's own infrastructure fails. It can also fail because a customer's server is out of warranty, a third-party application cannot be rebuilt, a fibre provider misses a repair target, a domain registrar blocks a DNS change, or a security incident forces a manual trust decision. Asten may be the right partner in each case, but the contract should make the boundary visible before the incident.

The map should also separate normal support from emergency authority. During routine operation, a customer may request a firewall change, a storage expansion or a restore through a ticket path. During a major incident, the same customer may need a named person who can approve a recovery declaration, authorize a DNS cutover, accept degraded performance, pause nonessential services and communicate with users. Asten's support page shows a structured support arrangement, but the buyer still needs names, roles, escalation times and severity definitions. A recovery plan with no decision authority is just an inventory.

Data locality should appear on the same map. If production runs in Asten's Breton datacenters, backups sit across two French datacenters, and a SecNumCloud-related service uses OUTSCALE under Asten management, then those are three different locality claims. Each deserves a separate line: where production lives, where backup lives, where logs live, where administrators connect from, where encryption keys are kept and where emergency copies may be created. The stronger Asten's sovereignty story becomes, the more important it is to prove that every component of the actual service follows the same policy.

The dependency map should include capacity after a failure, not just capacity on a normal day. A two-site design can be excellent if either site has enough spare compute, storage, licensing and network capacity to carry the protected services. It can be weaker if the second site is designed mainly for backup storage, selected critical workloads or slower recovery.

Asten's public backup page mentions periodic restore tests and a second datacenter; the contract should say whether the customer's environment is expected to run there, how long the move takes, how much performance is reserved, and what other customers compete for the same emergency pool.

Finally, the buyer should require an exit path. This is not a hostile posture; it is part of resilience. A customer that cannot leave a provider during a commercial dispute, strategic change or persistent outage has not reduced dependency, it has concentrated it. For Asten, the exit test should cover virtual-machine export, backup export, database dumps, encryption keys, firewall and VPN configuration, public IP changes, DNS zones, support documentation and deletion evidence after departure.

A service that is genuinely well run should be able to describe how a customer enters, survives an incident and leaves without losing control of its data.

What would upgrade the evidence

The public record supports a medium-confidence assessment today. It would become stronger if Asten published or shared customer-safe evidence of the two-site design: non-sensitive site separation, carrier diversity, independent power paths, tested failover results, backup restore metrics, RTO/RPO bands, emergency escalation procedures, and standard exit support. It would also help to explain the role of AS206308 relative to AS199727. If the Bretagne-named ASN is reserved, historical or used only in private arrangements, saying so would prevent outsiders from misreading its inactive public status.

For a customer, the evidence request should be concrete. Ask for the latest ISO and HDS certificate scope, the service matrix showing which offers fall inside it, the data-location statement for production and backup, the list of subcontractors that can affect service, and the customer responsibilities during a recovery. Ask how many carrier paths enter each site and whether they are physically diverse. Ask how backup tests are scheduled, how failures are reported, and whether the customer can witness or receive the result. Ask what happens if one datacenter is lost for a week, not just for an hour.

The same goes for cost. Asten's hosting economics depend on shared infrastructure, which is why it can be attractive to customers that do not want to build their own secure room. But resilience consumes reserved capacity. A cheap service with no reserved recovery headroom is not equivalent to a more expensive service with tested failover and spare compute. Buyers should separate base hosting, backup, PRA, managed operations, support points and migration assistance instead of assuming they are bundled.

The final judgment is that Asten Cloud's capacity is real enough to scrutinize. Its public materials do not read like a vanished provider or a pure intermediary. They show a legal French company, Breton datacenter claims, certification scope, live routed address space, hosting products, backup tooling and public-sector targeting. The article's caution is narrower: the customer's operational dependency is not solved by the word cloud. It moves into Asten's racks, power plant, route choices, backup repositories, support queue and recovery contracts.

That is a respectable infrastructure proposition only if those physical and contractual dependencies are measured before failure, not discovered during the repair window.