DCD helps you connect the elements of your infrastructure and build a network to set up a functional virtual data center. Without a connected internet access element, your network is private.
The quickest way to connect elements is to drag them from the Palette directly onto elements that are already in the Workspace. The DCD will then show you whether and how the elements can be connected automatically.
1. Drag the elements from the Palette into the Workspace and connect them through their NICs.
2. In the Workspace, select the required VM; the Inspector will show its properties on the right.
3. From the Inspector pane, open the Network tab. Now you can access NIC properties.
4. Set NIC properties according to the following rules:
MAC: During provisioning, you can specify a custom MAC address. If you do not provide one, a custom address will be automatically assigned. Ensure that any custom MAC address is unicast, adhering to the format xy:xx:xx:xx:xx:xx. Here, x represents any hexadecimal digit (0-9, a-f, A-F), and y must be precisely one of 0, 2, 4, 6, 8, A, C, E (or equivalently a, c, e) to conform with unicast addressing requirements.
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down menu. Private IP addresses (according to RFC 1918) must be entered manually. The NIC has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your HA setup.
Firewall: Configure a firewall.
DHCP: It is often necessary to run a DHCP server in your virtual data center (e.g. PXE boot for fast rollout of VMs). If you use your own DHCP server, clear this check box so that your IPs are not reassigned by the IONOS DHCP server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down list.
When ready, provision your changes. The VDC will create a private network according to set properties.
1. To split a LAN, select the required LAN in the Workspace.
2. In the Inspector, open the Actions menu and select Split LAN.
3. Confirm by clicking Split LAN.
4. Make further changes to your data center and provision your changes when ready.
The selected LAN is split and new IPs are assigned to the NICs in the new LAN.
1. To merge a LAN, select the required LAN in the Workspace.
2. To integrate this LAN into another LAN.
3. In the Inspector, open the Actions menu and select Merge LAN with another LAN.
4. In the dialog that appears, select the LANs to be merged with the selected LAN.
5. Select the checkboxes of the LANs you wish to keep separate.
6. Confirm by clicking Merge LANs.
(Optional) Make further changes to your data center.
7. Provision your changes
The selected LANs are merged and new IPs are assigned to the NICs in the newly integrated LAN.
A private LAN that is integrated into a public LAN also becomes a public LAN.
Servers with internet access are assigned an IP automatically by the IONOS DHCP server. Please note that multiple servers sharing the same internet interface also share the same subnet. With required permissions, you can add as many internet access elements as you wish.
Users who do not have the permissions to add a new internet access element, can connect to an existing element in their VDC, provided they have the permissions to edit it.
1. To add internet access, drag the Internet element from the Palette onto the Workspace.
2. Connect this element with Servers.
3. Set further properties of the connection at the respective NIC.
Activate and configure a for each Network Interface Card () to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring firewalls, define appropriate rules to filter traffic accordingly.
To activate a Firewall, follow these steps:
1. In the Workspace, select a Virtual Machine with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you want to set up a Firewall.
4. Choose either Ingress, Egress, or Bidirectional traffic flow type for which the Firewall needs to be activated.
Warning: Activating the Firewall without additional rules will block all incoming traffic. Make sure you set the Firewall rules by using Manage Rules.
Result: The Firewall is activated for the selected NIC.
To create a Firewall rule, follow these steps:
1. In the Workspace, select a VM with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you wish to manages Firewall Rules.
4. Click Manage Rules.
5. Click Create Firewall Rule and choose from the following type of Firewall rules to add from the drop-down list:
TCP Rule
UDP Rule
ICMP Rule
ICMPv6 Rule
VRRP Rule
GRE Rule
AH Rule
ESP Rule
Any Protocol
6. Enter values for the following in a Firewall rule:
Name: Enter a name for the rule.
Direction Choose the traffic direction between Ingress and Egress.
Source MAC: Enter the Media Access Control (MAC) address to be passed through by the firewall.
Destination IP/CIDR: If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
Port Range Start: Set the first port of an entire port range.
Port Range End: Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
ICMP Type: Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
ICMP Code: Enter the ICMP Code to be allowed. Example: 0 for echo requests.
IP Version: Select a version from the drop-down list. By default, it is Auto.
7. (Optional) You can add Firewall rules from an existing template by using Rules from Template. The Generic Webserver, Mailserver, Remote Access Linux, and Remote Access Windows are the types of Firewall rules you can add from the existing rules template.
8. Alternatively, you may import an existing rule set from the Clone Rules from other NIC.
9. Click Save to confirm creating a Firewall rule.
Result: A Firewall Rule is created with the configured values.
Source IP/CIDR: Enter the to be passed through by the Firewall.