1 of 100

Products

IONOS Cloud Documentation

Explore our guides and reference documents to integrate IONOS Cloud products and services.

Latest Release: DBaaS MongoDB User Guide

Getting Started

With (DCD), IONOS Cloud's visual user interface, you can create a fully functioning Virtual Data Center. Learn more about the DCD and consult our code-free guides:

APIs, SDKs & Tools

Product User Guides

Setup and manage your products and services via examples and troubleshooting cases below:

Getting Started

Data Center Designer

The Data Center Designer (DCD) is a unique tool for creating and managing your . DCD's graphical user interface makes data center configuration intuitive and straightforward. You can drag-and-drop virtual elements to set up and configure data center infrastructure components.

As is the case with a physical data center, you can use the DCD to connect various virtual elements to create a complete hosting infrastructure. For more information on DCD features, you can visit the First Steps page.

The same visual design approach is used to make any adjustments at a later time. You can log in to the DCD and scale your infrastructure capacity on the go. Alternatively, you can set defaults and create new resources when needed.

Core Functionality

The DCD allows the customer to both control and manage the following services provided by IONOS Cloud:

: Create, configure and delete entire data centers. Cross-connect between VDCs and tailor user access across your organization.
: Setup, pause, and restart virtual instances with customizable storage, CPU, and RAM capacity. Instances can be scaled based on usage.
: Upload, edit and delete your own private images or use images provided by IONOS Cloud. Create or save snapshots for use with future instances.

Compatibility

As a web application, the DCD is supported by the following browsers:

Google Chrome™: Version 30+
Mozilla® Firefox®: Version 28+
Apple® Safari®: Version 5+

We recommend using Google Chrome™ and Mozilla® Firefox®.

Next Steps

If you are ready to get started with the Data Center Designer, consult our beginner . These step-by-step instruction sets will teach you how to and configure initial user settings.

Compute Engine

DCD How-Tos

Prerequisites: Prior to setting up a virtual machine, please make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Data Center privilege can set up a . Other user types have read-only access and can't provision changes.

Learn how to create and configure a Server inside of the DCD.

Connect via Remote Console

The Remote Console is used to connect to a server when, for example, no SSH is available. You must have the root or administrator password for this type of log-in to the server.

Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with access rights to the data center can connect to a server. Other user types have read-only access and can't provision changes.

Procedure

Start the Remote Console from the server.
Open the data center containing the required server.
In the Workspace, select the server.

Remote Console version matching your browser opens; you can now log on to the server with root or administrator password.

Use the Send Key Combo button on the top right of the Remote Console window to send shortcut key combinations (such as CTRL+ALT+DEL).

Launch this Remote Console window again with one click by bookmarking its URL address in your browser.

For security reasons, once your session is over, always close the browser used to connect to with this bookmark.

Block Storage

With IONOS Cloud Block Storage, you can quickly provision virtual servers and other Infrastructure-as-a-Service () offerings. Consult our user guides, reference documentation, and FAQs to support your hosting needs.

Developer Tools

DCD How-Tos

Prerequisites: Make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Data Center privilege can set up a . Other user types have read-only access and can't provision changes.

How-Tos

DCD How-Tos

How-Tos

Reserve an IP Address

If you want to build a network using static , IONOS Cloud offers you the option to reserve IP addresses for a fee. You can register one or more addresses in an IP block using the IP Manager. It is not possible to reserve a specific IP address; you are assigned a random address by IONOS Cloud.

An IP address can only be used in the data center from the region where it was reserved. Therefore, if you need an IP address for your virtual data center in Karlsruhe, you should reserve the IP address there. Each IP address can only be used once, but different IP addresses from a block can be used in different networks, provided these networks are provisioned in the same region where the IP block is located.

Reserving and using IP addresses is restricted to authorized users only. Contract owners and administrators may grant privileges to reserve IP addresses.

Setup a Firewall

Activate and configure a for each network interface () to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring Firewalls, it is important to set proper rules, otherwise, traffic will not be correctly filtered. Please note that a Firewall without set rules blocks all traffic.

Activating a Firewall

1. In the Workspace, select a VM with a NIC.

Managed Services

Managed Kubernetes

With IONOS Cloud Managed Kubernetes, you can quickly set up Kubernetes clusters and manage Node Pools. Consult our user guides, reference documentation, and FAQs to support your hosting needs.

Developer Tools

DCD How-Tos

Prerequisites: Make sure you have the appropriate privileges. Only Contract Owners, Administrators or Users with the Create Kubernetes Clusters permission can create a cluster. Other user types have read-only access.

Learn how to create and configure a Kubernetes Cluster using the DCD.

Setup a Cluster

Creating a cluster in the Kubernetes Manager

Prerequisites: Make sure you have the appropriate permissions. Only with the Create Kubernetes Clusters permission can create a cluster. Other user types have read-only access.

Upgrade Node Pools

A upgrade generally happens automatically during weekly maintenance. You can also trigger it manually, e.g. when upgrading to a higher version of . In any case the node pool upgrade will result in rebuilding all nodes belonging to the node pool.

During the upgrade, an "old" node in a node pool is replaced by a new node. This may be necessary for several reasons:

Software updates: Since the nodes are considered immutable, IONOS Cloud does not install software updates on the running nodes, but replaces them with new ones.

Download Kubeconfig

You can download the generated Kubeconfig for your cluster to be used with the kubectl command. The file will be generated on the fly when you request it.

You can download the file from the Kubernetes Manager or from the Inspector pane, in case the viewed data center contains active node pools.

Using the Kubernetes Manager

Go to MANAGER Resources > Kubernetes Manager
Select a cluster from the list
Click on kubeconfig.yaml or to kubeconfig.json for downloading

Using the Inspector pane

1. Open a data center containing node pools

2. Select a Server that is managed by Kubernetes

3. On the right, select Open Kubernetes Manager

4. Choose between kubeconfig.yaml or to kubeconfig.json for download

API How-Tos

All Kubernetes API instructions can be found in the main Cloud API specification file.

To access the Kubernetes API provided by the cluster, simply download the kubeconfig for the cluster and use it with tools like kubectl.

Database as a Service

IONOS's Database as a Service (DBaaS) consists of fully managed databases, with high availability, performance, and reliability hosted in IONOS Cloud and integrated with other IONOS Cloud services.

Database Engines

We currently offer the following database engines:

DCD How-Tos

Quick Links:

View Cluster Metrics

To view cluster metrics in DCD, select the cluster of interest from the available Databases. The chosen database will open up. In Properties, select the database name next to the Monitor Databases option. The cluster metrics will open up:

It is possible to choose a time frame for metrics and instances of interest.

Database Migration

You can migrate your existing databases over to DBaaS using the pg_dump, pg_restore and psql tools.

Using the SQL script format

To dump a database use the following command:

Connect from Kubernetes

This guide shows you how to connect to a database from your managed Kubernetes cluster.

We assume the following prerequisites:

A datacenter with id xyz-my-datacenter.
A private LAN with id 3 using the network

PostgreSQL FAQ

Will DBaaS be ever offered on Cloud Cubes?

As for now, DBaaS is only offered on Virtual Servers. Cloud Cubes may be used in the future as well.

Change Log

5 January 2022 | Product documentation updates:

Upgrades added to Features
WAL and Logs added to Resource Usage

MongoDB

With IONOS Cloud Database as a service, you can quickly setup and manage MongoDB database clusters. Leverage our user guides, reference documentation, and FAQs to support your hosting needs.

Product Overview

High Availability

Cluster options

To guarantee partition tolerance, only odd numbers of cluster members are allowed. For the playground edition you can only have 1 replica. All other editions allow the use of 3 replicas. Soon we will allow more than 3 replicas per cluster.

All of these sizes are automatically highly available and replicate your data between instances. One instance is the primary, which accepts write transactions, and the others are secondary, which can optionally be used for read operations.

Replication

All instances in an IONOS MongoDB cluster are members of the same replica set, so all secondary instances replicate the data from the primary instance.

By default the write concern before acknowledging a write operations is set to "majority" with j: true. The term "majority" means the write operation must be propagated to the majority of instances. In a three-instance cluster, for example, at least two instances must have the operation before the primary acknowledges it. The j option also requires that the change has already been persisted to the on-disk journal of these instances.

If data is not replicated to the majority, it may be lost in the event of a primary instance failure and subsequent rollback.

Changing the commit guarantees per transaction

You can change the write concern for single operations, for example due to performance reasons. See the .

Read preferences

You can determine which instance to use for read operations by setting the on the client side, if your client supports it.

If you read from the primary instance, you always get the most up-to-date data. You can spread the load by reading from secondary sources, but you might get stale data. However, you can get consistency guarantees using a .

Backup and Recovery

Backups

MongoDB Backups: A cluster can have multiple snapshots. They are created:

when a cluster is created, known as initial sync which usually happens in less than 24hs.
after a restore.

A snapshot is a copy of the data in the cluster at a certain time. Every 24 hours, a base snapshot is taken, and every Sunday, a full snapshot is taken. We keep snapshots for the last 7 days, so recovery is possible from up to a week ago.

You can restore from any snapshot as long as it was created with the same or older MongoDB patch version.

Snapshots are stored in an IONOS S3 Object Storage buckets in the same region as your database. Databases in regions where IONOS S3 Object Storage is not available will be backed up to eu-central-2.

Warning: If you destroy a MongoDB cluster, all of its snapshots are also deleted.

Recovery

Recovery is achieved via restore jobs. A restore job is responsible to create and catalog a cluster restoration process. A valid snapshot reference is required for a restore job to recover the database from. The API exposes available snapshots of a cluster.

There must be no other active restore job for the cluster in order to create a new one.

Warning: When restoring a database, it is advised to avoid connections to it until its restore job is complete and the cluster reaches AVAILABLE state.

Sizing

Note: Currently, DBaaS - MongoDB does not support scaling existing clusters.

RAM

The WiredTiger cache uses only a part of the RAM; the remainder is available for other system services and MongoDB calculations. The size of the RAM used for caching is calculated as 50% of (RAM size - 1 GB) with a minimum of 256 MB. For example, a 1 GB RAM instance uses 256 MB, a 2 GB RAM instance uses 512 MB, a 4 GB instance uses 1.5 GB, and so on.

You get the best performance if your working set fits into the cache, but it is not required. The working set is the size of all indexes plus the size of all frequently accessed documents.

To view the size of all databases' indexes and documents, you can use a similar script as described in the . You must estimate what percentage of all documents are accessed at the same time based on your knowledge of the workload.

Additionally, each connection can use up to 1 MB of RAM that is not used by WiredTiger.

Disk

The disk contains:

Logs written by . They can take up to 2% of the disk space before MongoD deletes them.
OpLogs for the last 24 hours. The size of these depends on your workload. There is no upper limit, so they can grow quite large. But they are removed after 24 hours on their own.
The data itself.

Operating system and applications are kept separately, outside of the configured storage, and are managed by IONOS.

Limitations

Connection Limits: As each connection requires a separate thread, the number of connections is limited to 51200 connections.

CPU: The total upper limit for CPU cores depends on your quota. A single instance can't exceed 16 cores.

RAM: The total upper limit for RAM depends on your quota. A single instance can't exceed 64 GB.

Storage: The upper limit for storage size is 1280 GB.

Backups: Storing cluster backups is limited to the last 7 days. Deleting a cluster also immediately removes all backups of it.

API How-Tos

Quick Links:

Database Migration

This How-to shows you how to migrate your MongoDB data from one cluster to another one. For example how to migrate from your existing on-premise MongoDB cluster to the IONOS MongoDB cluster.

This migration requires some downtime, as you need to stop write operations to your old cluster during dumping the data.

High level plan

The steps for a migration are as follows:

Restore a Database

You can restore a database cluster in-place from a previous snapshot.

Listing available snapshots of a cluster

To restore from a snapshot you will need to provide a snapshot ID. You can request a list of all available snapshots:

DCD How-Tos

Set User Privileges

Overview

Only contract owners or administrators may configure MaaS by default. Monitored metrics are "read-only" for all other user types. Additional users must be granted access via IONOS Cloud User Management, which is available in the as well as via . Prior to setting privileges for an additional user, ensure they have access to the specific .

Granting user privileges

MaaS has a new group privilege called Access and Manage Monitoring. The privilege must be enabled for a group so that members of the group inherit this privilege through group privilege settings.

Once the privilege is granted, contract users can access monitoring metrics of virtual instances running in virtual data centers that are shared with them. Contract owners and administrators can access monitoring metrics of all virtual instances, as they have access to all VDCs at any given time.

Managing user privileges

Use the following procedure to manage monitoring privileges:

1. Open Management in the DCD.

2. Select the Users & Groups option under Users.

3. A User Manager modal will open up. Select the Groups tab.

4. Select the target group.

5. Check the Access and Manage monitoring check box. The box turns blue and displays a tick box.

6. Close the User Manager window. Privileges are activated for the selected group.

Revoking user privileges

Revoke user access by either removing the user from all groups that have the privilege enabled or by disabling the privilege in each respective group.

You can revoke this privilege from a contract administrator only by disabling the administrator option on the user account. The respective user will then fall back into the role of a contract user. All privileges that were set up for the user, before nomination as administrator, will then be in effect.

IONOS S3 Object Storage

IONOS S3 Object Storage is a service offered by IONOS for storing and accessing unstructured data. The Object Storage is fully S3-compliant, which means that it can be used to manage buckets and objects using existing S3 clients. For assistance with your hosting requirements, consult our user guides, reference documentation, and FAQs.

Developer Tools

Pricing

The pricing model for IONOS S3 Object Storage is as follows:

Storage space is charged per GB per hour
Traffic is charged by gigabytes. Incoming traffic and cross-region replication traffic are free

DCD How-Tos

Connect via SSH

When creating based on IONOS Linux images, you can inject into your . This lets you access your VM safely and allows for secure communication. SSH keys that you intend to use more often can be saved in the SSH Key Manager.

Types of SSH keys

Default SSH keys: SSH keys that you intend to use often and mark them as such in the SSH Key Manager. Default SSH keys are preselected when you configure storage devices. You can specify which SSH keys are actually to be used before and deselecting the preselected standard keys in favor of another SSH key.

Ad-hoc SSH keys: SSH keys that you only use once and don't intend to save in the SSH Key Manager for later re-use.

Generating an SSH key

SSH keys can be generated and used on macOS or Linux if both OpenSSH and the ssh-keygen command-line tools are installed. OpenSSH is a collection of tools for establishing SSH connections to remote servers, while ssh-keygen is a utility for generating SSH keys.

Manually generate SSH keys when working with OpenSSH via the Terminal application by following the steps below.

1. Enter the following command below into the Terminal window and press ENTER.

The key generation process is initiated by the command above. When you run this command, the ssh-keygen utility prompts you for a location to save the key.

2. Accept the default location by pressing the ENTER key, or enter the path to the file where you want to save the key /home/username/.ssh/id_rsa.

If you have previously generated a key pair, you may see the following prompt below. If you choose to overwrite the key, you will no longer authenticate with the previous key that was generated.

3. Enter the passphrase that will be used to encrypt the private key file on the disk. You can also press ENTER to accept the default (no passphrase). However, we recommend that you use a passphrase.

4. Enter your passphrase once more.

After you confirm the passphrase, the public and private keys are generated and saved in the specified location. Thus, the confirmation will look like this:

The public key is saved to the file id_rsa.pub which will be the key you upload to your DCD account. Your private key is saved to the id_rsa file in the .ssh directory and is used to verify that the public key you use belongs to the same DCD account.

You can copy the public key to your clipboard by running the following command:

Storing SSH keys

In the SSH Key Manager of the DCD, you can save and manage up to 100 public SSH keys for the setup of SSH accesses. This saves you from having to repeatedly copy and paste the public part of an SSH key from an external source.

1. To open the SSH Key Manager, go to Menu > MANAGER resources > SSH Key Manager.

2. In the SSH Key Manager, select + Add Key.

3. Enter a Name and click Add.

4. Copy and paste the public key to the SSH key field. Alternatively, you may upload it via Select key file. Please ensure the SSH keys you enter are valid. The DCD does not validate syntax or format.

5. (Optional) Activate the Default checkbox to have the SSH key automatically pre-selected when SSH access is configured.

6. Click Save to store the key.

The SSH key is stored in the SSH Key Manager and can be used for the configuration of SSH accesses.

Deleting an SSH key in the SSH Key Manager

To delete an existing SSH key, select the SSH key from the list and click Delete Key.

The SSH key is removed from the SSH Key Manager.

Connecting via OpenSSH

You can connect to your virtual instance via OpenSSH. Still, you will need the terminal application, which varies depending on your operating system. For:

Linux: Search Terminal or press CTRL+ALT+T
macOS: Search Terminal
Windows: Search Bash. If you don’t have Bash installed, use PuTTY instead.

The steps below will show you how to connect to your VM.

1. Open the Terminal application and enter the SSH connection command below. After the @, add the IP address of your VM instance. Then press ENTER.

When you log in for the first time, the server isn't recognized on your local machine, so you'll be asked if you're sure you want to keep connecting. You can type yes and then press ENTER.

2. Authentication is the next step in the connection process. If you've added the SSH keys, you'll be able to connect to the VM immediately or after entering your key pair's passphrase.

If you haven't already added SSH keys, you'll be asked for your password:

3. Once you’ve entered the password, press ENTER.

If the SSH key is configured correctly, this will log you into VM.

Resource Access Control

Users who are not contract owners or administrators need access rights to view, use, or edit resources in a . These access rights are assigned to groups and are inherited by group members.

Setting access rights and ownership

Users can access a resource with the following access rights:

Read: Users can see and use the resource, but they cannot modify it. Read access is automatically granted as soon as a user is assigned to a group that has this access right.
Edit: Users can modify and delete the resource.
Share: Users can share a resource, including their access rights, with the groups to which they belong.

A user who created a resource is the owner of that resource and can specify its access rights.

The owner is shown in the Security tab of a resource.

Setting restrictions using Two-Factor Authentication

In addition to enabling access to resource, for users of authorized groups only, data centers and snapshots can be protected even further by restricting access to users who have activated. Other users cannot see or select these resources - even if they belong to an authorized group.

Depending on their role, users can set access rights at the resource level and in the User Manager.

Setting access rights at the resource level

Prerequisites: Make sure that you have the appropriate permissions. Only contract owners, administrators, or users with access rights permission can share the required resource. Other user types have read-only access and cannot provision changes.

Select the required resource
Open the data center:

Images: Menu Bar > Resource Manager > Image Manager > Image.
Snapshots: Menu Bar > Resource Manager > Image Manager > Snapshot.
IP addresses: Menu Bar > Resource Manager >

3. Select the required resource

4. Open Security > Visible to Groups

5. Enable access:

From the + Add Group menu, select the required groups. Read access is granted. Users can see and use, but not modify the resource.
(Optional) Select further permissions (Edit, Share). You may only share permissions that you have yourself.

6. Restrict or disable access:

Select the required group
Deactivate the checkbox of the permission

Read access is retained.

Alternatively, you can click Remove Group. Access will be disabled for all members of the selected group.

Optional: To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box.

Setting access rights in the User Manager

Contract owners and administrators can also define in the User Manager who may access a resource to what extent.

Prerequisites: Make sure you have the appropriate permissions. Only contract owners and administrators can set the access rights.

Set the access rights in the User Manager

Open the User Manager: Menu Bar > Resource Manager > User Manager.
In the Resources, select the required resource.
Open the Visible to Groups.

From the + Add Group list, add the required groups.
(Optional) To enable write access or sharing of a resource, activate the relevant check box.

5. Disable access: deactivate the checkbox of the permission or click Remove Group.

Assigning resources to a group

In the Groups, select the required group.
Open the Resources of Group.
To enable access:

Select the required resource by clicking on + Grant Access. This enables read access to the selected resource.
(Optional) To enable write access or sharing of a resource, activate the respective check box.

4. To disable access:

Select the required resource.
Deactivate the check box of the appropriate permission or click on Revoke Access.

You can find more information about managing the Groups .

Images & Snapshots

IONOS provides you with a number of ready-made images that you can use immediately. You can also use your own images by uploading them via our access. Your IONOS account supports many types of images as well as ISO images from which you can install an operating system or software directly, using an emulated CD-ROM drive.

Image types

The following image types can be uploaded:

Snapshots

are images generated from that have already been provisioned. You can use these images for other storages. This feature is useful, for example, if you need to quickly roll out more that have the same or similar configuration. You can use snapshots on HDD and storage, regardless of the storage type for which the snapshot was created. To create snapshots, users who are not contracted owners or administrators need to have the appropriate privileges.

Creating a snapshot

You can create snapshots from provisioned SSD and HDD storages. Regardless of the underlying storage type (HDD or SSD), snapshots use up HDD storage space assigned to an IONOS account. Therefore, if you want to create a snapshot, you must have enough HDD memory available.

The VM can be switched on or off when creating a snapshot. To ensure that data still in the RAM of the VM is included in the snapshot. It is recommended that you synchronize the data (with sync under Linux) or shut down the guest operating system (with shutdown -h now under Linux) before creating the snapshot.

Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with the Create Snapshot permission can create a snapshot. Beforehand, ensure that you have sufficient memory available.

Open the required data center.
(Optional) Shut down the server. Creating a snapshot while the server is running takes longer.
Open the context menu of the storage element and select Create Snapshot.

The snapshot is being created. It will be available in the Image Manager and in My own Images > Snapshots.

Uploading an image

We offer FTP access for each of our data center locations so that you can upload your own images. An image is only available at the location where it was uploaded.

You can manage your uploaded images and the snapshots you created with the 's Image Manager. You can specify who can access and use them. Only images and snapshots to which you have access are displayed.

To open the Image Manager, go to Menu Bar > Resource Manager > Image Manager

If you want to upload an image, you must first set up a connection from your computer to the IONOS FTP server. This can be done using an FTP client such as FileZilla or tools from your operating system. Then copy the image to the FTP upload of the IONOS data center location where you wish to use the image. After uploading, the image will be converted to a RAW format. As a result, dynamic HDD images are always used at their maximum size. A dynamic image, for example, whose file size is 3 GB, but which comes from a 50 GB hard disk, will be a 50 GB image again after conversion to the IONOS format. The disk space required for an uploaded image will not affect the resources of your IONOS account and you will not be charged.

FTP addresses:

Frankfurt am Main (DE): ftp://ftp-fra.ionos.com; Karlsruhe (DE): ftp://ftp-fkb.ionos.com; Berlin (DE): ftp://ftp-txl.ionos.com; London (GB): ftp://ftp-lhr.ionos.com; Las Vegas (US): ftp://ftp-las.ionos.com; Newark (US): ftp://ftp-ewr.ionos.com; Logroño (ES): ftp://ftp-vit.ionos.com

In the DCD, FTP addresses are listed here: Menu Bar > Image Manager > FTP Image Upload

Characters allowed for file names of images: a-z A-Z 0-9 - . / _ ( ) # ~ + = blanks.

Note: Images created from UEFI boot machines cannot be uploaded. Only MBR boot images are supported.

Example: Windows 10

In Windows 10, you can upload an image, without additional software, as follows.

How to set up FTP access

Open Windows Explorer.
Select Add a network location from the context menu.
Enter the IONOS FTP address as the location of the website, e.g. ftp://ftp-fkb.ionos.com. An image is only available at the location where it was uploaded.

The FTP connection is available in Windows Explorer.

How to copy an image to the FTP upload.

Open the FTP access on your PC.
In the login dialog box, enter the credentials of your IONOS account.
Copy the image you wish to upload to the folder matching the image type (HDD or iso).

As soon as the upload begins, you will receive a confirmation e-mail from IONOS.

After the upload has been completed, the image will be available in the Image Manager and in Own Images.

How to delete an image or snapshot

If you no longer need a snapshot or image and want to save resources, you can delete it.

Open the Image Manager: Menu Bar > Resource Manager > Image Manager.
To delete a snapshot, open the Snapshots tab and select the snapshot you would like to delete.
To delete an image, open the Images tab and select the image you would like to delete.

In the dialog that appears, confirm your action by entering your password and clicking OK. The selected item is deleted and cannot be restored.

Setup a Virtual Server

The user who creates the Server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, etc.), even after a restart at the operating system level. The server will only be removed from your virtual data center once you delete it in the DCD. For more information, see the Virtual Servers page.

Creating a Server

1. Drag the Server element from the Palette onto the Workspace.

The created server is automatically highlighted in turquoise. The allows you to configure the properties of this individual server instance.

2. In the Inspector pane on the right, configure your server in the Settings tab.

Name: Choose a name unique to this .
: The zone where you wish to physically host the server. Choosing A - Auto selects a zone automatically. This setting can be changed after provisioning.
CPU Architecture: Choose between AMD or Intel cores. You can later change the CPU type for a

Adding a bootable drive

Drag a storage element (HDD or SSD) from the Palette onto a Server in the Workspace to connect them together. The highlighted VM will expand with a storage section.
Click the Unnamed HDD Storage to highlight the storage section. Now you can see new options in the Inspector on the right.

Storage type cannot be changed after provisioning.

Configuring Storage

Enter a name that is unique within your VDC.
Select a zone in which you want the storage device to be maintained. When you select A (Auto), our system assigns the optimal Zone. The Availability Zone cannot be changed after provisioning.
Specify the required storage capacity; the size can be increased after provisioning, even while the server is running, as long as this is supported by its operating system. It is not possible to reduce the storage size after provisioning.

You can select one of IONOS images or snapshots, or use your own. Only images and snapshots that you have access to are available for selection. Since provisioning does not require you to specify an image, you can also create empty storage volumes.

Authentication

Set the root or administrator password for your server according to the guidelines. This is recommended for both operating system types
Select an SSH key stored in the SSH Key Manager.
Copy and paste the public part of your SSH key into this field.

Alternative Mode

When adding a storage element using the Inspector, select the appropriate check box in the Add Storage dialog box. If you wish to boot from the network, set this on the server: Server in the Workspace > Inspector > Storage.
It is recommended to always use VirtIO to benefit from the full performance of InfiniBand. IDE is intended for troubleshooting if, for instance, the operating system has no VirtIO drivers installed. In this case, Windows usually displays a "blue screen" when booting.

Adding a CD-ROM drive

To assign an image and specify a boot device, you need to add and configure a storage element.

Click on CD-ROM to add a CD-ROM drive so that you can use ISO images to install and configure an operating system from scratch.
Set up a network by connecting the server to other elements, such as an internet access element or other servers through their NICs.
Provision your changes.

The server is available according to your settings.

Start, Suspend or Reset a Server

We maintain dedicated resources available for each customer. You do not share your physical CPUs with other IONOS clients. For this reason, the servers, switched off at the operating system level, still incur costs.

You should use the DCD to shut down virtual machines so that resources are completely deallocated and no costs are incurred. Servers deallocated this way remain in your infrastructure, while the resources are released and can then be redistributed.

This can only be done in the DCD. Shutting down a VM at the operating system level alone does not deallocate the resources or suspend the billing. Regardless of how the VM is shut down, it can only be restarted using the DCD.

A reset forces the server to shut down and reboot, but data loss may result.

Suspending a server

1. Choose a server. From the Settings tab in the Inspector, select Power > Suspend. The server is not deleted. This only suspends it and deallocates resources.

2. (Optional) In the dialog that appears, connect using Remote Console and shut down the VM at the operating system level to prevent data loss.

3. Confirm your action by checking the appropriate box and clicking Apply Suspend.

4. Provision your changes. Confirm the action by entering your password.

The server is switched off. CPU, RAM, and are released and billing is suspended. Connected storage devices will still be billed. Reserved IP addresses are not removed from the server. The deallocated virtual machine is marked by a red cross in DCD.

Starting a server

1. Choose a server. From the Settings tab in the Inspector, select Power > Start.

2. In the dialog box that appears, confirm your action by checking the appropriate box and clicking Apply STOP.

3. Provision your changes. Confirm the action by entering your password.

The server is booted. A new public IP address is assigned depending on the configuration. Billing is resumed.

Resetting a server

1. Choose a server. From the Settings tab in the Inspector, select Power > Reset.

2. (Optional) In the dialog that appears, connect using the Remote Console and shut down the VM at the operating system level to prevent data loss.

3. Confirm your action by checking the appropriate box and clicking Apply STOP.

4. Provision your changes. Confirm the action by entering your password.

Result: The server will shut down and reboot.

Scaling a Server

1. In the Workspace, select the required server and use the Inspector pane on the right.

If you want to make changes to multiple VMs, select the data center and change the properties in the Settings tab.

In this tab, you will find an overview of all assets belonging to the selected VDC. You can change cores, RAM, server status, and size without having to switch from VM to VM in the Workspace.

2. Modify storage:

(Optional) Create a of the system for recovery in event of problems.

3. In the Workspace, select the required server and increase the CPU size.

4. Provision your changes.

The CPU size is adjusted in the DCD. You must set the new size at the operating system level of your VM.

Deleting a Server

When you no longer need a particular server in your cloud infrastructure, you can remove it with a click of a mouse or keyboard, with or without the associated storage devices.

To ensure that no processes are interrupted and no data is lost, you should turn off the server before you delete it.

1. Select the Server in the Workspace

2. Right-click and open the context menu of the element. Select Delete.

2. You may also select the element icon and press the DEL key.

3. In the dialog that appears, choose whether you also want to delete storage devices that belong to the server.

4. Provision your changes

The server and its storage devices are deleted.

When you delete a server and its storage devices, or the entire data center, their backups are not deleted automatically. Only when you delete a Backup Unit will the backups it contains actually be deleted.

When you no longer need the backups of deleted VMs, you should delete them manually in the to avoid unnecessary costs.

Virtual Machines FAQ

Virtual Servers

What are the maximum resources available for a Server?

Cores

Virtual server configurations are subject to the following limits, according to the CPU type:

AMD CPU: Up to 62 cores and 230 GB RAM
Intel® CPU: Up to 51 Intel® cores and 230 GB RAM

A single Intel® physical core with Hyper-Threading Technology is exposed to the operating system of your virtual server as two distinct “logical cores”, which process separate threads.

Because the size of the working memory (RAM) cannot be processed during the initial configuration, newly provisioned servers with more than 8 GB of RAM may not start successfully when created from IONOS Windows images.

We recommend initially setting the RAM size to 8 GB; RAM size can then be scaled as needed after the initial provisioning and configuration.

HDD storage

Minimum: 1 GB
Maximum: 4 TB

SSD storage

Minimum: 1 GB
Maximum: 4 TB

You can scale up the HDD and SSD storage volumes on need basis.

What are the Availability Zones?

IONOS data centers are divided into separate areas called Availability Zones.

You can enhance reliability and set up high-availability scenarios by deploying redundant virtual servers and storage devices across multiple Availability Zones.

See also:

How do I change the Availability Zone?

Select the server in the DCD Workspace
Use Inspector > Properties > Availability Zone menu to change the Availability Zone

What is Live Vertical Scaling?

Live Vertical Scaling (LVS) technology permits you to scale the number of CPU cores and amount of RAM while the server is running, without having to restart it. Please note that Windows only allows scaling the number of CPU cores, but not the amount of RAM. For scaling to more than eight CPU cores, Windows requires a reboot.

See also:

How do I reboot a server?

Servers can be restarted at the operating system level (using the reboot command, for instance). You can also use the DCD reset function, which functions similarly to a physical server's reset button.

See also:

How do I shut down a server?

You should use DCD to shut down your server completely. Your VM will then be marked as "shut down" in the DCD. Shutting down a VM at the operating system level alone does not deallocate its resources or suspend the billing.

See also:

How do I delete a server?

You can delete a server in the DCD Workspace by right-clicking it and selecting Delete, or by selecting (clicking) the server and pressing the Del key.

See also:

What do I do when my VM isn't accessible?

Try to connect to your VM using the Remote Console to see if it is up and running. If you have trouble logging on to your VM, please provide our support team with screenshots of error messages and prompts from the Remote Console.

Windows users: Please send us a screenshot of the Task Manager.
Linux users: Please send us the output of uptime and top.

How do I get the root/admin passwords with IONOS images?

When using IONOS-provided images, you set the passwords yourself prior to provisioning.

Why does my newly provisioned server not start?

Newly provisioned servers with more than 8 GB of RAM may not start successfully when created from IONOS Windows images, because the RAM size cannot be processed during the initial configuration.

An error is displayed according to the server version; for example, Windows Server 2012 R2 displays the following message:

"Windows could not finish configuring the system. To attempt to resume configuration, restart the computer."

We recommend initially setting the RAM size to 8 GB, and rescaling it as needed after the initial provisioning and configuration is complete.

Which CPU architecture should I choose?

The choice of CPU architecture primarily depends on your workload and performance requirements. Intel® processors are oftentimes more powerful than AMD processors. Intel® processors are designed for compute-intensive applications and workloads where the benefits of hyperthreading and multitasking can be fully exploited. Intel® cores cost twice as much as AMD cores. Therefore, it is recommended that you measure and compare the actual performance of both CPU architectures against your own workload. You can change the CPU type in the DCD or use the API, and see for yourself whether Intel® processors deliver significant performance gains, or more economical AMD cores still meet your requirements.

With our unique "Core Technology Choice" feature, we are the only cloud computing provider that makes it possible to flexibly change the processor architecture per virtual instance.

What do I do if the cursor in the Remote Console disappears?

When the cursor disappears after logging on to the Remote Console, you can reconnect to the server using the appropriate menu entry.

Cloud Cubes

What are Cloud Cubes?

For a long time, the duopoly of virtual private servers (VPS) and dedicated cloud servers dominated virtualized computing environments.

Enter Cloud Cubes — virtual private service instances — the next generation of IaaS. Developed by IONOS Cloud, Cubes are ideal for specific workloads that do not require high compute performance from all resources at all times — development and testing environments, website hosting, simple web applications, and so on.

While based on shared resources, the Cubes can rival physical servers through a platform design that can redistribute available performance capacities among individual instances. At the same time, reduced operational complexity and highly optimized resource utilization translate into lower operating costs.

Cubes instances come complete with vCPUs, RAM, and direct-attached NVMe storage volumes; choose among standard by selecting one of several for your Cubes. Storage capacities can be expanded further by to your Cubes.

Cubes instances can be used together with all enterprise-grade features, resources, and services, offered by IONOS Cloud.

Affordable, quickly available, and with everything you need — have your Cubes up and running in minutes in the IONOS Cloud.

PVPanic Device

What is the PVPanic device for?

The device monitors VM/OS crashes. PVPanic is a simulated device, through which a guest panic event is sent to the hypervisor, and a QMP event is generated.

Do I need to restart the VM to get PVPanic?

No, the PVPanic device is plug-and-play. However, installing drivers may require a restart.

What happens if Windows VMs complain about an unknown device?

This is no cause for concern. First of all, you do not need to reboot the VM. However, you will need to reinstall appropriate drivers (which are provided by IONOS Cloud).

Are there any risks when enabling the use of PVPanic?

There are no issues found when enabling pvpanic. However, users can’t choose whether or not to enable the device - it is always available for use.

Something else to consider - PVPanic does not offer bidirectional communication between the VM and the hypervisor. Instead, the communication only goes from the VM towards the hypervisor.

Are there any compatibility issues with AMD or Intel processors?

There are no special requirements or limitations to any components of a virtualized server. Therefore, PVPanic is completely compatible with AMD and Intel processors.

Do we support hardware solutions?

The PVPanic device is implemented as an ISA device (using IOPORT).

Does my Linux image support the Pvpanic device?

Check the kernel config CONFIG_PVPANIC parameter.

For example:

m = PVPanic device is available as module y = PVPanic device is native available in the kernel n = PVPanic device is not available

When the device is not available (CONFIG_PVPANIC=n), use another kernel or image.

How do I install the device driver for the pvpanic device on Windows?

For your virtual machines running Microsoft Windows, we provide an ISO image that includes all the relevant drivers for your instance. Just log into DCD, open your chosen virtual data center, add a CD-ROM drive and insert the driver ISO as shown below (this can also be done via CloudAPI).

Please note that a reboot is required to add the CD drive.

Once provisioning is complete, you can log into your OS by adding drivers for the unknown device through the Device Manager. Just enter devmgmt.msc in the Windows search bar, console, or PowerShell to open it.

Since this is a Plug & Play driver, there is no need to reboot the machine.

Overview

Block storage is a type of IT architecture in which data is stored as a file system. Block storage provides endless possibilities for storing large amounts of information. It guarantees the safety of resource planning systems and provides instant access to the required amount of data without delay.

Storage types and options

The virtual storage devices you create in the DCD are provisioned and hosted in one of the IONOS physical data centers. Virtual storage devices are used in the same way as physical storage devices and can be configured and managed within the server's operating system.

A virtual storage device is equivalent to an iSCSI block device and behaves exactly like direct-attached storage. IONOS block storage is managed independently of servers. It is therefore easily scalable. You can assign a hard disk image to each storage device via DCD (or ). You can use one of the IONOS images, your own image, or a snapshot created with DCD (or API). You have a choice of hard disk drive () and solid-state drive () storage technologies while SSD is available in two different performance classes. Information on setting up the storage can be found .

Up to 24 storage volumes can be connected to a virtual server or a Cloud Cube (while the Cloud Cube already has one virtual storage device attached per default). You can use any mix of volume types if necessary.

IONOS Cloud provides HDD as well a SSD block storage in a double-redundant setup. Each virtual storage volume is replicated four times and stored on distributed physical devices within the selected data center location.

HDD storage

The following performance and configuration limits apply per HDD volume. The performance of HDD storage is static and independent of its volume size.

Performance HDD storage:

Read/write speed, sequential: 200 Mb/s at 1 MB block size
Read/write speed, full random:
- Regular: 1,100 IOPS at 4 kB block size

Limits HDD storage:

Minimum Size per Volume: 1 GB
Maximum Size per Volume: 4 TB

Larger volumes can be made available on request. Please contact our

SSD storage

SSD storage volumes are available in two performance classes - SSD Premium and SSD Standard. The performance of SSD storage depends on the volume size. Please find the respective performance and configuration limits listed below.

Performance SSD Premium storage:

Read/write speed, sequential: 1 Mb/s pro GB at 1 MB block size
Read speed, full random: 75 IOPS per GB at 4 KB block size
Write speed, full random: 50 IOPS per GB at 4 KB block size

Limits SSD Premium storage:

Minimum Size per Volume: 1 GB
Maximum Size per Volume: 4 TB
- Maximum Read/write speed, sequential: 600 Mb/s per volume at 1 MB block size

Larger volumes can be made available on request. Please contact our

Performance SSD Standard storage:

Read/write speed, sequential: 0,5 Mb/s pro GB at 1 MB block size
Read speed, full random: 40 IOPS per GB at 4 KB block size
Write speed, full random: 30 IOPS per GB at 4 KB block size

Limits SSD Premium storage:

Minimum Size per Volume: 1 GB
Maximum Size per Volume: 4 TB
- Maximum Read/write speed, sequential: 300 Mb/s per volume at 1 MB block size

Larger volumes can be made available on request. Please contact our

SSD performance: The performance of SSD storage is directly related to the volume size. To get the full benefits of high-speed SSDs, we recommend that you book SSD storage units of at least 100 GB. You can use smaller volumes for your , but performance will be suboptimal, compared to that of the larger units. When storage units are configured in DCD, expected performance is predicted based on the volume size (Inspector > Settings). For storage volumes of more than 600 GB the performance is capped at the maximum as specified in the documentation above.

Availability Zones

Secure your data, enhance reliability, and set up high-availability scenarios by deploying your virtual servers and storage devices across multiple .

Assigning different Availability Zones ensures that redundant modules reside on separate physical resources at IONOS. For example, a server or a storage device assigned to Availability Zone 1 resides on a different resource than a server or storage device assigned to Availability Zone 2.

For HDD and SSD Storages you have the following Availability Zone options:

Zone 1
Zone 2
Zone 3

The server Availability Zone can also be changed after provisioning. The storage device's Availability Zone is set on first provisioning and cannot be changed subsequently. However, you can take a and then use it to provide a storage device with a new Availability Zone.

Authentication

The first time you create a storage unit based on a public image, you must select at least one authentication method. Without authentication, the image on the storage unit cannot be provisioned. The authentication methods available depend on the IONOS operating system image you select.

Authentication methods depend on the operating system.

Authentication methods

SSH key

Password

We recommend using both SSH and a password with IONOS Linux images. This will allow you to log in with the . It is not possible to provision a storage unit with a Linux image without specifying a password or an SSH key.

Passwords: Provisioning a storage device with a Windows image is not possible without specifying a password. It must be between 8 and 50 characters long and may only consist of numbers (0 - 9) and letters (a-z, A - Z). For IONOS Linux images, you can specify a password along with SSH keys, so that you can also log in without the SSH, such as with the Remote Console. The password is set as the root or administrator password with corresponding permissions.

SSH (Secure Shell): To use SSH, you must have an SSH key pair consisting of public and private keys. The private key is installed on the client (the computer you use to access the server), and the public key is installed on the (virtual) instance (the server you wish to access). The IONOS SSH feature requires that you have a valid SSH public/private key pair and that the private key is installed as appropriate for your local operating system.

If you set an invalid or incorrect SSH key, it must be corrected on the side of the virtual machine.

Limitations

IONOS is focused on ensuring the uninterrupted and cost-efficient operation of your services. This is why we offer a selection of tested operating systems for immediate use in your virtual cloud instances. To ensure uninterrupted, secure, and stable performance, all operating systems, regardless of their source, should meet the following requirements:

are essential for the operation of virtual network cards
The following are the recommended drivers for the operation of virtual storage:
- VirtIO (maximum performance)

The older an OS version, the greater the risk of performance and stability losses. It is recommended that you always switch to the current versions well before the manufacturer's support for your old version expires. This will greatly improve your operating system's security and functionality.

When operating software appliances, it is recommended that you use the images that have been specially prepared for the KVM hypervisor.

If you are using special software appliances or operating systems that are not listed here, Please contact our . We would be happy to explore the possibility of using such systems within the IONOS Enterprise Cloud and advise you on the best possible implementation.

Account Settings

Introduction

The Account Management panel is accessed by clicking on your name and email address. Here you can perform key administrative tasks related to your account and contract. Only Contract Owners have complete access. Consult access levels by user Role:

Menu item

Contract Owner

Administrator

User

My Settings

You can set default values for future . Each time you open a new VDC, DCD will place your resources in the preset location, assigning them the same number of cores, memory size, capacity, and reserved . For example, you can specify that all new VDCs must be located in Karlsruhe, or that all processors will use the Intel architecture.

1. Go to Account Management > My Settings.

2. In the My Settings panel, set default values for Session, Data Center, Server, and Storage.

Your new values are valid immediately. You may undo your changes by clicking on Reset or the Reset All button.

Password & Security

Your IONOS Cloud account comes with a number of security features to protect you from unauthorized access:

Changing your password

You define the password for your IONOS account yourself during the registration process. Your password must contain at least eight characters and a mixture of upper and lowercase letters and special characters.

1. Go to Account Management > Password & Security > Change Password.

2. Enter your Current Password and the New Password twice. Click Change Password.

The password is changed and becomes effective with the next login.

Forgot your password? Click to reset it.

2-Factor Authentication

In addition to log-in credentials, this authentication method also requires an app-generated security code. Once has been activated, you can only access your account by receiving this code from the Google Authenticator App. This method can be extended to hide specific data centers and snapshots from users, even if they belong to an authorized group. This feature is only available in DCD.

Prerequisites: The Google Authenticator App is compatible with all Android or iOS mobile devices. You can install it on your device, free of charge, from the or from . The app must be able to access your camera and the time on the mobile device needs to be set automatically.

Users can turn on 2-Factor Authentication for their own accounts. Make sure it is not already activated by a Contract Owner or Administrator.

1. Go to Account Management > Password & Security.

2. Check the box: Enable 2-Factor Authentication. The Setup Assistant will open.

3. Proceed through each step by clicking Next.

Setting Support PIN

To ensure support calls are made by authorized users, we usually ask for the support PIN to verify the account. You can set your support PIN in the DCD and change it at any time. To set or change your support PIN, use the following procedure:

1. Go to Account Management > Password & Security > Set Support PIN.

2. Enter your support PIN in the PIN field. Click Set Support PIN.

The support PIN is now saved. You can use it to verify your account with .

Resource Overview

In this tab, you can track the global usage of resources available in your account.

Furthermore, this page provides an overview of usage limits per virtual instance.

Cost and Usage

In this tab, you can view the breakdown of estimated costs for the next invoice. The costs displayed in the DCD are a non-binding extrapolation based on your resource allocation since the last invoice. Please refer to your invoice for the actual costs. For more pricing information, please visit our page.

1. Go to Account Management > Cost and Usage. The list breaks down your Snapshot, IP address, and Data Center usage.

2. You may click the down arrow to expand each section to view individual item charges.

The Total amount displayed excludes VAT.

Payment Method

As a contract owner, you can choose between two payment methods: direct debit or a credit card.

1. Open the Account Management > Payment Method.

2. Choose either method, enter your information, and Submit.

Credit card data are safely stored with our payment service provider. If you choose to pay by direct debit, you will receive a form from us with which we ask you to give us a direct debit authorisation in writing.

Contract Owners

Custom settings: If you wish to change your e-mail address or username, please contact your sales representative or our .

Removing a user account: As a contract owner or administrator, you can cancel a user account by removing the user from the User Manager. Resources created by the user are not deleted.

Canceling your account: If you wish to cancel your Enterprise Cloud (IaaS) contract and delete your account including all VDCs completely, please contact your IONOS account manager or the .

If you are a 1&1 IONOS hosting customer, please refer to the following help page: .

Overview

The DCD helps you interconnect the elements of your infrastructure and build a network to set up a functional VDC. Virtual networks work just like normal physical networks. Transmitted data is completely isolated from other subnets and cannot be intercepted by other users.

You won't find any switches in the DCD by design. Switching, routing, and forwarding functionality is deeply integrated into our network stack, which means we are responsible for distributing your traffic. If you wish to route from one of your private networks to the next by means of a virtual machine, the virtual machine must be configured accordingly, and the routing table adjusted.

IP settings: By default, IP addresses are assigned by our DHCP server. You can also assign IP addresses yourself. You can use any ethernet-based protocol. We do support TCP/IP and DHCP. MAC addresses cannot be modified.

Firewall: In order to protect your network against unauthorized access or attacks from the Internet, you can activate the firewall for each NIC. By default, this will block all traffic, and you will have to configure the rules to specify what data can pass through. For TCP, UCD, and ICMP protocols, you can specify rules for individual source or target IPs.

Network Interface Cards

IONOS Cloud allows virtual entities to be equipped with network cards (“network interface cards”; NICs). Only by using these virtual network interface cards, it is possible to connect multiple virtual entities together and/or to the Internet.

The maximum external throughput may only be achieved with a corresponding upstream of the provider.

Compatibility

The use of virtual MAC addresses and/or the changing of the MAC address of a network adapter is not supported. Among others, this limitation also applies to the use of CARP (Common Address Redundancy Protocol).
Gratuitous ARP (RFC 826) is supported.
Virtual Router Redundancy Protocol (VRRP) is supported based on gratuitous ARP. For VRRP to work IP failover groups must be configured.

External Network

Depending on the location, different capacities for transmitting data to or from the Internet are available for operating the IONOS Cloud service. Due to the direct connection between the data centers at the German locations, the upstream can be used across locations.

The total capacities of the respective locations are described below:

* - 2 x 10 Gbps toward Karlsruhe; 2 x 10 Gbps toward the Internet

** - 2 x 10 Gbps toward Frankfurt am Main; 1 x 10 Gbps toward the Internet

IONOS backbone AS-8560, to which IONOS Cloud is redundantly connected, has a high-quality edge capacity of 1.100 Gbps with 2.800 IPv4/IPv6 peering sessions, available in the following Internet and peering exchange points: AMS-IX, BW-IX, DE-CIX, ECIX, Equinix, FranceIX, KCIX, LINX.

Internal Network

IONOS Cloud operates redundant networks at each location. All networks are operated using the latest components from brand manufacturers with connections up to 100 Gbps.

IONOS Cloud uses high-speed networks based on InfiniBand technology both for connecting the central storage systems and for handling internal data connections between customer servers.

Core Network

IONOS Cloud operates a high availability core network at each location for the redundant connection of the product platform. All services provided by IONOS Cloud are connected to the Internet via this core network.

The core network consists exclusively of devices from brand manufacturers. The network connections are completed via an optical transmission network, which, by use of advanced technologies, can provide transmission capacities of several hundred gigabits per second. Connection to important Internet locations in Europe and America guarantees the customer an optimal connection at all times.

Data is not forwarded to third countries. At the customer’s explicit request, the customer can opt for support in a data center in a third country. In the interests of guaranteeing a suitable data protection level, this requires a separate agreement (within the meaning of article 44-50 DSGVO and §§ 78 ff. BDSG 2018).

IP Address Management

IONOS Cloud provides the customer with public that, depending on the intended use, can be booked either permanently or for the duration for which a virtual server exists. These IP addresses provided by IONOS Cloud are only needed if connections are to be established over the Internet. Internally, virtual machines can be freely networked. For this, IONOS Cloud offers a DHCP server that allows and/or simplifies the assignment of IP addresses. However, one can establish one’s own addressing scheme.

See also:

Public IPv4 Addresses

Every interface card that is connected to the Internet is automatically assigned a public IPv4 address by DHCP. This IPv4 address is dynamic, meaning it can change while the virtual server is operational or in the case of a restart.

Customers can reserve static public IPv4 addresses for a fee. These reserved IPv4 addresses can be assigned to a virtual network interface card, which is connected to the Internet, as primary or additional IP addresses.

Private IPv4 Addresses

In networks that are not connected to the Internet, each virtual network interface card is automatically assigned a private IPv4 address. This is assigned by the DHCP service. These IPv4 addresses are assigned statically to the MAC addresses of the virtual network interface cards.

The use of the IP address assignment can be enabled or disabled for each network interface card. Any private IPv4 addresses pursuant to RFC 1918 can be used in private networks.

DDoS Protect

IONOS DDoS Protect is a managed Distributed Denial of Service defense mechanism, which ensures that every customer resource hosted on IONOS Cloud is secure and resilient against Layer 3 and Layer 4 DDoS attacks. This is facilitated by a filtering and scrubbing technology, which in event detection of an attack filters the malicious DDoS traffic and lets through only the genuine traffic to its original destination. Hence, enabling applications and services of our customers to remain available under a DDoS attack.

Known attack vectors regularly evolve and new attack methods are added. IONOS Cloud monitors this evolution and dedicates resources to adapt and enhance DDoS Protect as much as possible to capture and mitigate the threat.

The service is currently available in the following data centers: Berlin, Frankfurt, and Karlsruhe, and will be available in the remaining data centers soon.

The service is available in two packages:

DDoS Protect Basic: This package is enabled by default for all customers and does not require any configuration. It provides basic DDoS Protection for every resource on IONOS Cloud from common volumetric and protocol attacks and has the following features:

DDoS traffic filtering - All suspicious traffic is redirected to the filtering platform where the DDoS traffic is filtered and the genuine traffic is allowed to the original destination.
Always-On attack detection - The service is always on by default for all customers and does not require any added configuration or subscription.
Automatic Containment - Each time an attack is identified the system automatically triggers the containment of the DDoS attack by activating the DDoS traffic and letting through only genuine traffic.

DDoS Protect Advanced: This package offers everything that's part of the DDoS Protect Basic package plus advanced security measures and support.

24/7 DDoS Expert Support - Customers have 24/7 access to IONOS Cloud DDoS expert support. The team is available to assist customers with their concerns regarding ongoing DDoS attacks or any related issues.
Proactive Support - The IONOS Cloud DDoS support team, equipped with alarms, will proactively respond to a DDoS attack directed towards a customer's resources and also notify the customer in such an event.
On-demand IP specific DDoS filtering - If a customer suspects or anticipates a DDoS attack at any point in time, he can request to enable DDoS filtering for a specific IP or server owned by him. Once enabled, all traffic directed to that IP will be redirected to the IONOS Cloud filtering platform where DDoS traffic will be filtered and genuine traffic will be passed to the original destination.

Note! IONOS Cloud sets forth Security as a Shared Responsibility between IONOS Cloud and the customer. We at IONOS Cloud strive at offering a state-of-the-art DDoS defense mechanism. Successful DDoS defense can only be achieved by a collective effort on all aspects including optimal use of firewalls and other settings in the customer environment.

Overview

DBaaS for PostgreSQL is fully integrated into the Data Center Designer and has a dedicated API. You may also launch it via automation tools like Terraform and Ansible.

Compatibility: DBaaS gives you access to the capabilities of the PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with DBaaS. IONOS Cloud currently supports PostgreSQL versions 11, 12, 13, and 14.

Locations: As of December 2022, DBaaS is offered in all IONOS Cloud Locations.

Features

Scalable: Fully managed clusters that can be scaled on demand.
High availability: Multi-node clusters with automatic node failure handling.
Security: Communication between clients and the cluster is encrypted using TLS certificates from Let's Encrypt.

Platform Tasks

Note: IONOS Cloud doesn’t allow superuser access for PostgreSQL services. However, most DBA-type actions are still available through other methods.

DBaaS services offered by IONOS Cloud:

Our platform is responsible for all back-end operations required to maintain your database in optimal operational health.

Database installation via the DCD or the DBaaS API.
Pre-set database configuration and configuration management options.
Automation of backups for a period of 7 days.

Customer database administration duties:

Tasks related to the optimal health of the database remain the responsibility of the customer. These include:

Optimisation.
Data organisation.
Creation of indexes.

Logs: The logs that are generated by a database are stored on the same disk as the database. We provide logs for connections, disconnections, waiting for locks, DDL statements, any statement that ran for at least 500 ms, and any statement that caused an error (see PostgreSQL ). Currently, we do not provide an option to change this configuration.

To conserve disk space, log files are rotated according to size. Logs should not consume more than 175 MB of disk storage. The files are continuously monitored and log messages are shipped to a central storage location with a retention policy of 30 days.

Write-Ahead Logs: PostgreSQL uses (WAL) for continuous archiving and point-in-time recovery. These logs are created in addition to the regular logs.

Every change to the database is recorded in the WAL record. WALs are generated along with daily base backups and offer a consistent snapshot of the database as it was at that time. WALs and backups are automatically deleted after 7 days, which is the earliest point in time you can recover from. Please consult for more information.

Password encryption: Client libraries must support SCRAM-SHA-256 authentication. Make sure to use an up-to-date client library.

Connection encryption: All client connections are encrypted using TLS; the default is prefer and clients cannot disable it. Server certificates are issued by Let's Encrypt and the root certificate is . This needs to be made available to the client for verify-ca and verify-full to function.

Certificates are issued for the DNS name of the cluster which is assigned automatically during creation and will look similar to pg-abc123.postgresql.de-txl.ionos.com. It is available via the IONOS API as the dnsName property of the cluster resource.

Here is how to verify the certificate using the psql command line tool:

Resource Usage

Resource quotas: Each customer contract is allotted a resource quota. The available number of CPUs, RAM, storage, and database clusters is added to the default limitations for a VDC contract.

16 CPU Cores
32 GB RAM
1500 GB Disk Space

Additionally, a single instance of your database cluster can not exceed 16 cores and 32GB RAM.

Calculating RAM Requirements: The RAM size must be chosen carefully. There is 1 GB of RAM reserved to capture resource reservation for OS system daemons. Additionally, internal services and tools use up to 500 MB of RAM. To choose a suitable RAM size, the following formula must be used.

ram_size = base_consumption + X * work_mem + shared_buffers

The base_consumption and reservation of internal services is approximately 1500 MB.
X is the number of parallel connections. The value work_mem is set to 8 MB by default.
The

Calculating Disk Requirements:

The requested disk space is used to store all the data that Postgres is working with, incl. database logs and WAL segments. Each Postgres instance has its storage (of the configured size). The operating system and applications are kept separately (outside of the configured storage) and are managed by IONOS.

If the disk runs full Postgres will reject write requests. Make sure that you order enough margin to keep the Postgres cluster operational. You can monitor the storage utilization in DCD.

WAL segments: In normal operation mode, older WAL files will be deleted once they have been replicated to the other instances and backed up to archive. If either of the two shipments is slow or failing then WAL files will be kept until the replicas and archive catch up again. Account for enough margin, especially for databases with high write load.

Log files: Database log files (175 MB) and auxiliary service log files (~100 MB) are stored on the same disk as the database.

Limitations

Connection Limits: The value for is calculated based on RAM size.

RAM size

max_connections

The superuser needs to maintain the state and integrity of the database, which is why the platform reserves 11 connections for internal use: connections for superusers (see ), for replication.

CPU: The total upper limit for CPU cores depends on your quota. A single instance cannot exceed 16 cores.

RAM: The total upper limit for RAM depends on your quota. A single instance cannot exceed 32 GB.

Storage: The upper limit for storage size is 2 TB.

Backups: Storing cluster backups in an IONOS S3 Object Storage is limited to the last 7 days.

Performance Considerations

Database instances are placed in the same location as your specified LAN, so network performance should be comparable to other machines in your LAN.

Estimates: A test with pgbench (scaling factor 1000, 20 connections, duration 300 seconds, not showing detailed logs) and a single small instance (2 cores, 3 GB RAM, 20 GB HDD) resulted in around 830 transactions per second (read and write mixed) and 1100 transactions per second (read-only). For a larger instance (4 cores, 8 GB RAM, 600GB Premium SSD) the results were around 3400 (read and write) and 19000 (read-only) transactions per second. The database was initialized using pgbench -i -s 1000 -h <ip> -U <username> <dbname>. For benchmarking the command line used was pgbench -c 20 -T 300 -h <ip> -U <username> <dbname> for the read/write tests, and pgbench -c 20 -T 300 -S -h <ip> -U <username> <dbname> for the read-only tests.

Note: To cite the : "It is very easy to use pgbench to produce completely meaningless numbers". The numbers shown here are only ballpark figures and there are no performance guarantees. The real performance will vary depending on your workload, the IONOS location, and several other factors.

Activate Extensions

Available PostgreSQL extensions

There are several PostgreSQL extensions preinstalled, that you can enable for your cluster. You can enable the extension by logging into your cluster and executing:

The following table shows which extensions are enabled by default and which can be enabled (PostgreSQL version 12):

Extension

Enabled

Version

Description

Note: With select * from pg_available_extensions; you will see more available extensions, but many of them can't be enabled or used without superuser rights and thus aren't listed here.

Products

IONOS Cloud Documentation

hashtagLatest Release: DBaaS MongoDB User Guide

hashtagGetting Started

hashtagAPIs, SDKs & Tools

hashtagProduct User Guides

Getting Started

Data Center Designer

hashtagCore Functionality

hashtagCompatibility

hashtagNext Steps

Compute Engine

DCD How-Tos

Connect via Remote Console

hashtagProcedure

Block Storage

hashtagDeveloper Tools

DCD How-Tos

hashtagHow-Tos

DCD How-Tos

hashtagHow-Tos

Reserve an IP Address

Setup a Firewall

hashtagActivating a Firewall

Managed Services

Managed Kubernetes

hashtagDeveloper Tools

DCD How-Tos

Setup a Cluster

hashtagCreating a cluster in the Kubernetes Manager

Upgrade Node Pools

Download Kubeconfig

hashtagUsing the Kubernetes Manager

hashtagUsing the Inspector pane

hashtag

API How-Tos

Database as a Service

hashtagDatabase Engines

DCD How-Tos

hashtagQuick Links:

View Cluster Metrics

Database Migration

hashtagUsing the SQL script format

Connect from Kubernetes

PostgreSQL FAQ

hashtagWill DBaaS be ever offered on Cloud Cubes?

hashtag

Change Log

MongoDB

hashtagProduct Overview

High Availability

hashtagCluster options

hashtagReplication

hashtagChanging the commit guarantees per transaction

hashtagRead preferences

Backup and Recovery

hashtagBackups

hashtagRecovery

Sizing

hashtagRAM

hashtagDisk

hashtagLimitations

API How-Tos

hashtagQuick Links:

Database Migration

hashtagHigh level plan

Restore a Database

hashtagListing available snapshots of a cluster

DCD How-Tos

Set User Privileges

hashtagOverview

hashtagGranting user privileges

hashtagManaging user privileges

hashtagRevoking user privileges

IONOS S3 Object Storage

hashtagDeveloper Tools

Pricing

DCD How-Tos

Data Center Designer

hashtagCore Functionality

Latest Release: DBaaS MongoDB User Guide

Getting Started

APIs, SDKs & Tools

Product User Guides

Core Functionality

Compatibility

Next Steps

Procedure

Developer Tools

How-Tos

How-Tos

Activating a Firewall

Developer Tools

Creating a cluster in the Kubernetes Manager

Using the Kubernetes Manager

Using the Inspector pane

Database Engines

Quick Links:

Using the SQL script format

Will DBaaS be ever offered on Cloud Cubes?

Product Overview

Cluster options

Replication

Changing the commit guarantees per transaction

Read preferences

Backups

Recovery

RAM

Disk

Limitations

Quick Links:

High level plan

Listing available snapshots of a cluster

Overview

Granting user privileges

Managing user privileges

Revoking user privileges

Developer Tools

Core Functionality

Compatibility

Next Steps

Latest Release: DBaaS MongoDB User Guide

Getting Started

APIs, SDKs & Tools

Product User Guides

Database Engines

Quick Links:

PostgreSQL

Procedure

How-Tos

Using the Kubernetes Manager

Using the Inspector pane

Cluster options

Replication

Changing the commit guarantees per transaction

Read preferences

RAM

Disk

Limitations

Backups

Recovery

Overview

Granting user privileges

Managing user privileges

Revoking user privileges

Developer Tools

How-Tos

Activating a Firewall

Developer Tools

Creating a cluster in the Kubernetes Manager

Using the SQL script format

Will DBaaS be ever offered on Cloud Cubes?

Product Overview

Quick Links: