Cross connect

Cross Connect is a feature that allows you to connect virtual data centers (VDC) with each other using a LAN. The VDCs to be connected need to belong to the same IONOS contract and region. You can only use private LANs for a Cross Connect connection. A LAN can only be a part of one Cross Connect.

The IP addresses of the NICs used for the Cross Connect connection may not be used in more than one instance. They need to belong to the same IP range. For the time being, this needs to be checked manually. An automatic check will be available in the future.

Cross connect manager

The Cross Connect Manager is used for managing Cross Connect elements.

In the Cross Connect Manager every connection is listed regardless of the access rights a user has.

To open the Cross Connect Manager, go to: Menu Bar > Resource Manager > Cross Connect Manager

There you can do the following:

Managing permissions

Permissions are required for certain actions in the DCD.

These are as follows:

  • Create data center.

  • Create snapshots.

  • Reserve IP blocks.

  • Access Activity-Log-API.

  • Create Cross Connect elements.

  • Use object storage.

  • Create Managed Kubernetes Clusters.

Contract owners and administrators have these permissions by default. They can manage and assign them to other users in the User Manager.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

How to manage permissions

  • Create a new group. (?)​

    • or -

  • Open an existing group.

    Menu Bar > Resource Manager > User Manager > Groups

  • Select the required group.

  • Grant permission:

    • In the Privileges tab, activate the checkbox of the appropriate privilege.

    • In the Members tab, add users to the group that you wish to authorize. (?)​

    Members of the selected group now have the required authorization.

  • Remove permission:

    • Remove user(s) from the group with the privilege in question.

      • or -

    • Deactivate the check box of the privilege for the group.

    The privilege is no longer available to the selected users.

Creating a cross connect

If you want to connect your virtual data centers with each other, you need to create a Cross Connect first.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have the permission "Create Private Cross Connects". (?)​

How to create a cross connect

  • Open the Cross Connect Manager.

    Menu Bar > Resource Manager > Cross Connect Manager

  • Select + Create.

  • (Optional) Enter a name and a description for this Cross Connect.

  • Finish your entries by clicking Create Cross Connect.

  • (Optional) Make further changes to your data center.

  • Provision your changes.

    The Cross Connect was created.

You can now:

Managing access to resources

Users who are not contract owners or administrators need access rights to view, use, or edit resources in a virtual data center. These access rights are assigned to groups and inherited to group members.

Access to the following resources can be managed:

  • Data centers.

  • Images.

  • Snapshots.

  • Private Cross Connects.

  • IP addresses.

  • Managed Kubernetes Clusters.

Access rights

Users can access a resource with the following access rights:

  • Read: Users may see and use but not modify the resource. Read access is automatically granted as soon as a user is assigned to a group with this access right.

  • Edit: Users may modify and delete the resource.

  • Share: Users may share the resource including their access rights with groups to which they belong.

Resource owner

A user who created a resource is the owner of that resource and can specify its access rights.

The owner is shown in the Security tab of a resource.

Access restriction using 2-factor authentication

In addition to enabling access to resources for users of authorized groups only, data centers and snapshots can be even further protected by restricting access to users who have 2-factor authentication activated. Other users cannot see or select these resources - even if they belong to an authorized group.

See also:

Depending on their role, users can: set access rights

Setting access rights at the resource level

Prerequisites

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have permission to share the required resource. (?)​

  • You need to be a member of the group for which you want to specify the access rights of a resource.

  • You are logged on to the DCD. (?)​

How to set access rights at the resource level

  • Select the required resource:

    • Data Center: Open the data center. (?)​

    • Images: Menu Bar > Resource Manager > Image Manager >Image tab.

    • Snapshots: Menu Bar > Resource Manager > Image Manager > Snapshot tab.

    • IP addresses: Menu Bar > Resource Manager > IP Manager.

    • Cross-Connects: Menu Bar > Resource Manager > Cross Connect Manager.

    • Kubernetes Cluster: Menu Bar > Resource Manager > Kubernetes Manager

  • Select the required resource.

  • Open Security > Visible to Groups.

  • Enable access:

    • From the + Add Group menu, select the required groups.

      Read access is granted. Users may see and use, but not modify the resource.

    • (Optional) Select further permissions ("Edit", "Share"). You may only share permissions that you have yourself.

  • Restrict or disable access:

    • Select the required group.

    • Deactivate the checkbox of the permission.

      Read access is retained.

      • or -

    • Click on Remove group.

      Access is disabled for all members of the selected group.

  • (Optional) To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box. (?)​

Setting access rights in the user manager

Contract owners and administrators can also define in the User Manager who may access a resource to what extent.

Prerequisites

  • You are the contract owner or an administrator. (?)​

  • You are logged on to the DCD. (?)​

How to set access rights in the user manager

  • Open the User Manager.

    Menu Bar > Resource Manager > User Manage

  • Assign groups to a resource

    • In the Resources tab, select the required resource.

    • Open the Visible to Groups tab.

    • Enable access:

      • From the + Add Group list, add the required groups.

      • (Optional) To enable write access or sharing of a resource, activate the respective check box.

    • Disable access:

      • Deactivate the checkbox of the permission.

        • or -

      • Click on Remove Group.

    • (Optional) To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box. (?)​

  • Assign resources to a group

    • In the Groups tab, select the required group.

    • Open the Resources of Group tab.

    • Enable access:

      • Select the required resource by clicking on + Grant Access.

        This enables read access to the selected resource.

      • (Optional) To enable write access or sharing of a resource, activate the respective check box.

    • Disable access:

      • Select the required resource.

      • Deactivate the check box of the appropriate permission.

        • or -

      • Click on Revoke Access.

Connecting data centers

When you want to connect your data centers, you need a Cross Connect which serves as a "hub" or "container" for the connection. This is created in the Cross Connect Manager. You can then add a VDC to the connection by setting up a Cross Connect element in the VDC

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have the permission to edit the required data center. (?)​

  • A Cross Connect is available which is to be used for the connection. (?)​

  • You have (read) access to the Cross Connect. (?)

  • You have (read) access to the IP addresses to be used for the connection. (?)​

  • The data centers to be connected are:

    • Provisioned

    • a part of the same location

    • a part of the same contract

  • The LANs to be used for the connection are private LANs.

  • The NICs to be connected have unique IP addresses that belong to the same IP range.

How to connect data centers

  • Open the VDC that you wish to connect with other VDCs by means of a Cross Connect. (?)​

  • Drag a Cross Connect element from the Palette to the Workspace.

  • Connect the Cross Connect element to the LAN with which the connection is to be established.

  • Select the Cross Connect element in the Workspace.

  • From the drop-down menu in the Inspector, select the connection to which you wish to add your VDC.

  • Ensure the IP addresses in use meet the requirements.

  • (Optional) Make further changes to your data center.

  • Provision your changes.

    The selected VDC was added to the Cross Connect and is now connected with all VDCs that belong to this connection.

Removing a data center from a cross connect

When you don't want a virtual data center to be connected to other data centers, you can remove it from a Cross Connect. If you want to delete a Cross Connect, you need to remove all data centers from it.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have the permission to edit this resource. (?)​

How to remove a data center from a cross connect

  • Open the required data center. (?)​

  • In the Workspace, select the required Cross Connect.

  • Set it to Not connected.

    Inspector > Private Cross Connect

  • (Optional) Make further changes to your data center.

  • Provision your changes.

    The data center connection to the selected Cross Connect is deleted and the data center is removed from it.

Deleting a cross connect

If you no longer need a Cross Connect, you can easily remove it from the Cross Connect Manager. A Cross Connect can only be deleted when it does not contain any data centers.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have the permission to edit this resource. (?)​

How to delete a cross connect

  • Open the Cross Connect Manager.

    Menu Bar > Resource Manager > Cross Connect Manager

  • In the Workspace, select the required Cross Connect.

  • In the Connected LANs tab, ensure that the Cross Connect does not contain any virtual data centers.

  • Remove existing data centers from the Cross Connect. (?)​

  • Confirm your action by clicking Delete.

    The selected Cross Connect was deleted.