IP addresses

If you want to build a network using static IP addresses, IONOS offers you the option to reserve IP addresses for a fee.

Each IP address can only be used once, but different IP addresses from a block can be used in different networks, provided these networks are provisioned in the same region where the IP block is located.

An IP address can only be used in the data center in whose region it was reserved. So, if you need an IP address for your virtual data center in Karlsruhe, reserve the IP address in Karlsruhe. If the IP address is to be used in a virtual data center in Frankfurt, it must be reserved in Frankfurt.

It is not possible to reserve a specific IP address.

Reserving and using IP addresses is restricted to authorized users only. Contract owners and administrators may grant permission to reserve IP addresses.​

IP manager

In the IP Manager, IP addresses can be reserved and managed.

To open it, go to the Menu Bar > Resource Manager > IP Manager

There you can do the following:

Managing permissions

Permissions are required for certain actions in the DCD.

These are as follows:

  • Create a data center.

  • Create snapshots.

  • Reserve IP blocks.

  • Access Activity-Log-API.

  • Create Cross-Connect elements.

  • Use object storage.

  • Create Managed Kubernetes Clusters.

Contract owners and administrators have these permissions by default. They can manage and assign them to other users in the User Manager.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

How to manage permissions

  • Create a new group. (?)​

    • or -

  • Open an existing group.

    Menu Bar > Resource Manager > User Manager > Groups

  • Select the required group.

  • Grant permission:

    • In the Privileges tab, activate the checkbox of the appropriate privilege.

    • In the Members tab, add users to the group that you wish to authorize. (?)​

    Members of the selected group now have the required authorization.

  • Remove permission:

    • Remove user(s) from the group with the privilege in question.

      • or -

    • Deactivate the check box of the privilege for the group.

    The privilege is no longer available to the selected users.

Reserving an IP address

If you want to set up a network with fixed IP addresses, you can reserve IP addresses for a fee. IP addresses are reserved in an IP block, even if it contains only one IP address. IP addresses can only be used one at a time.

In order to reserve IP addresses, users who are not contracted owners or administrators need the appropriate permission.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have the permission "Reserve IP". (?)

How to reserve an IP address

  • Open the IP Manager.

    Menu Bar > Resource Manager > IP Manager

  • Click on + Reserve IPs.

  • In the following dialog:

    • Name: Enter a name for the IP block.

    • Number of IPs: Enter the number of IPs you want to reserve.

    • Region Enter the location of the IONOS data center where you want your IPs to be available.

    • Confirm your entries with the reserved IP Addresses.

      The number of IPs you have reserved are available as an IP block.

You can now

Managing access to resources

Users who are not contracted owners or administrators need access rights to view, use, or edit resources in a virtual data center. These access rights are assigned to groups and inherited to group members.

Access to the following resources can be managed:

  • Data centers,

  • Images,

  • Snapshots,

  • Private Cross Connects,

  • IP addresses,

  • Managed Kubernetes Clusters.

Access rights

Users can access a resource with the following access rights:

  • Read: Users may see and use but not modify the resource. Read access is automatically granted as soon as a user is assigned to a group with this access right.

  • Edit: Users may modify and delete the resource.

  • Share: Users may share the resource including their access rights with groups to which they belong.

Resource owner

A user who created a resource is the owner of that resource and can specify its access rights.

The owner is shown in the Security tab of a resource.

Access restriction using 2-factor authentication

In addition to enabling access to resources for users of authorized groups only, data centers and snapshots can be even further protected by restricting access to users who have 2-factor authentication activated. Other users cannot see or select these resources - even if they belong to an authorized group.

See also:

Depending on their role, users can: set access rights

Setting access rights at the resource level

Prerequisites

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have permission to share the required resource. (?)​

  • You need to be a member of the group for which you want to specify the access rights of a resource.

  • You are logged on to the DCD. (?)​

How to set access rights at the resource level

  • Select the required resource:

    • Data Center: Open the data center. (?)​

    • Images: Menu Bar > Resource Manager > Image Manager >Image tab.

    • Snapshots: Menu Bar > Resource Manager > Image Manager > Snapshot tab.

    • IP addresses: Menu Bar > Resource Manager > IP Manager.

    • Cross-Connects: Menu Bar > Resource Manager > Cross Connect Manager.

    • Kubernetes Cluster: Menu Bar > Resource Manager > Kubernetes Manager.

  • Select the required resource.

  • Open Security > Visible to Groups.

  • Enable access:

    • From the + Add Group menu, select the required groups.

      Read access is granted. Users may see and use, but not modify the resource.

    • (Optional) Select further permissions ("Edit", "Share"). You may only share permissions that you have yourself.

  • Restrict or disable access:

    • Select the required group.

    • Deactivate the checkbox of the permission.

      Read access is retained.

      • or -

    • Click on Remove group.

      Access is disabled for all members of the selected group.

  • (Optional) To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box. (?)​

Setting access rights in the user manager

Contract owners and administrators can also define in the User Manager who may access a resource to what extent.

Prerequisites

  • You are the contract owner or an administrator. (?)​

  • You are logged on to the DCD. (?)​

How to set access rights in the user manager

  • Open the User Manager.

    Menu Bar > Resource Manager > User Manager

  • Assign groups to a resource

    • In the Resources tab, select the required resource.

    • Open the Visible to Groups tab.

    • Enable access:

      • From the + Add Group list, add the required groups.

      • (Optional) To enable write access or sharing of a resource, activate the respective check box.

    • Disable access:

      • Deactivate the checkbox of the permission.

        • or -

      • Click on Remove Group.

    • (Optional) To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box. (?)​

  • Assign resources to a group

    • In the Groups tab, select the required group.

    • Open the Resources of Group tab.

    • Enable access:

      • Select the required resource by clicking on + Grant Access.

        This enables read access to the selected resource.

      • (Optional) To enable write access or sharing of a resource, activate the respective check box.

    • Disable access:

      • Select the required resource.

      • Deactivate the check box of the appropriate permission.

        • or -

      • Click on Revoke Access.

Setting up a network

The DCD helps you connect the elements of your infrastructure and build a network to set up a functional virtual data center. Without a connected internet access element, your network is private.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have permission to edit the required data center. (?)​

  • The VDC is open. (?)​

  • (Optional) You have access to reserved IP addresses that you wish to assign manually. (?)​

How to set up a network

  • Drag and drop elements from the Palette onto the Workspace and connect them through their NICs.

The quickest way to connect elements is to drag them from the Palette directly onto elements that are already in the Workspace. The DCD will then show you whether and how the elements can be connected automatically.

  • In the Workspace, select the required NIC.

  • In the Inspector, open the Network tab.

  • Open the properties of the NIC:

    • Name: (Optional) Enter a name that is unique throughout the VDC.

    • MAC: A MAC address will be assigned automatically upon provisioning and cannot be changed.

    • Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IP addresses from the drop-down menu. Private IP addresses (according to RFC 1918) need to be entered manually. The NIC needs to be connected to the internet.

    • Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your HA setup. (?)

    • Firewall: Configure a firewall. (?)

    • DHCP: It is often necessary to run a DHCP server in your virtual data center (e.g. PXE boot for fast rollout of VMs). If you use your own DHCP server, deactivate this checkbox so that the assignment of IP addresses is not overwritten by the IONOS DHCP server.

    • Additional IPs: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.

  • (Optional) Make further changes to your data center.

  • Provision your changes.

    The network is active according to your settings.

Returning an IP address

IP addresses cannot be returned individually, but only as a block and only when they are not in use.

If you return a static IP address, you cannot reserve it again afterward.

Prerequisites

  • You are logged on to the DCD. (?)​

  • You are the contract owner or an administrator. (?)​

    • or -

  • You have permission to edit this resource. (?)​

How to return an IP address

  • Ensure the IPs you want to release are not in use.

  • Open the IP Manager.

    Menu Bar > Resource Manager > IP Manager

  • Select the required IP block.

  • Click on Delete.

  • In the dialog that appears, confirm your action by clicking OK.

    The IP block and all IP addresses it contains are released and removed from your IONOS account.