# Overview

DBaaS for PostgreSQL is fully integrated into the [<mark style="color:blue;">Data Center Designer</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#data-center-designer-dcd) and has a dedicated [<mark style="color:blue;">API</mark>](https://api.ionos.com/docs/postgresql/v1/). You may also launch it through the automation tools like [<mark style="color:blue;">Terraform</mark>](https://docs.ionos.com/terraform-provider) and [<mark style="color:blue;">Ansible</mark>](https://docs.ionos.com/ansible/api/dbaas-postgres).

**Compatibility:** DBaaS gives you access to the capabilities of the PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with DBaaS. IONOS Cloud supports PostgreSQL versions 14, 15, and 16.

**Locations:** As of December 2022, DBaaS is offered in all IONOS Cloud Locations.

## Features

* **Scalable:** Fully managed clusters that can be scaled on demand.
* **High availability:** Multi-node clusters with automatic node failure handling.
* **Security:** Communication between clients and the cluster is encrypted using TLS certificates from Let's Encrypt.
* **Upgrades:** Customer-defined maintenance windows, with minimal disruption due to planned failover (approx. few seconds for multi-node clusters).
* **Backup:** Base backups are carried out daily, with Point-in-Time recovery for one week.
* **Cloning:** Customers also have the option to clone clusters through backups.
* **Restore:** Databases can be restored in place or to a different target cluster.
* **Resources:** Offered on Enterprise VM, with a dedicated CPU, storage, and RAM. Storage options are SSD or HDD, with SSD now including encryption-at-rest.
* **Network:** DBaaS supports private LANs.
* **Extensions:** DBaaS supports several [<mark style="color:blue;">PostgreSQL Extensions</mark>](https://docs.ionos.com/sections-test/guides/databases/postgresql/overview/activate-extensions).

## DBaaS services offered by IONOS Cloud

All back-end operations required to maintain your database in optimal operational health is supported along with the follwoing actions:

* Database installation through the DCD or the DBaaS API.
* Pre-set database configuration and configuration management options.
* Automation of backups for a period of 7 days.
* Regular patches and upgrades during maintenance.
* Disaster recovery through automated backup.
* Service monitoring: both for the database and the underlying infrastructure.

{% hint style="info" %}
**Note:** IONOS Cloud does not allow superuser access for PostgreSQL services. However, most DBA-type actions are still available through other methods.
{% endhint %}

## Customer database administration duties

Tasks related to the optimal health of the database remain the responsibility of the customer. These include:

* Optimisation
* Data organisation
* Creation of indexes
* Updating statistics
* Consultation of access plans to optimize queries

**Logs:** The logs that are generated by a database are stored on the same disk as the database. We provide logs for connections, disconnections, waiting for locks, DDL statements, any statement that ran for at least 500 ms, and any statement that caused an error. An option to change this configuration is not available. For more information, refer to the [<mark style="color:blue;">PostgreSQL Documentation</mark>](https://www.postgresql.org/docs/current/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT).

To conserve disk space, log files are rotated according to size. Logs should not consume more than 175 MB of disk storage. The files are continuously monitored, and log messages are shipped to a central storage location with a 30-day retention policy. For more information, see [<mark style="color:blue;">Access Logs</mark>](https://docs.ionos.com/sections-test/guides/databases/postgresql/api/v1-api/access-logs).

**Write-Ahead Logs**: PostgreSQL uses [<mark style="color:blue;">Write Ahead Logs (WAL)</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#write-ahead-logs-wal) for continuous archiving and point-in-time recovery. These logs are created in addition to the regular logs.

Every change to the database is recorded in the WAL record. WALs are generated along with daily **base backups** and offer a consistent snapshot of the database as it was at that time. WALs and backups are automatically deleted after 7 days, which is the earliest point in time you can recover from. For more information, refer to the [<mark style="color:blue;">PostgreSQL Documentation</mark>](https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-ARCHIVING).

**Password encryption:** Client libraries must support `SCRAM-SHA-256` authentication. Make sure to use an up-to-date client library.

**Connection encryption:** All client connections are encrypted using TLS; the default [<mark style="color:blue;">SSL mode</mark>](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION) is `prefer` and clients cannot disable it.

Server certificates are issued by Let's Encrypt and the root certificate is [<mark style="color:blue;">ISRG Root X1</mark>](https://crt.sh/?id=9314791). This needs to be made available to the client for `verify-ca` and `verify-full` to function.

Certificates are issued for the DNS name of the cluster which is assigned automatically during creation and will look similar to `pg-abc123.postgresql.de-txl.ionos.com`. It is available through the IONOS API as the `dnsName` property of the `cluster` resource.

Here is how to verify the certificate using the `psql` command line tool:

```bash
curl https://crt.sh/?d=9314791 > ca.crt
export PGSSLROOTCERT=$(pwd)/ca.crt
export PGSSLMODE=verify-full
psql -h pg-abc123.postgresql.de-txl.ionos.com -U dbadmin postgres
```

## Performance considerations

Database instances are placed in the same location as your specified LAN, so network performance should be comparable to other machines in your LAN.

**Estimates:** A test with `pgbench` (scaling factor 1000, 20 connections, duration 300 seconds, not showing detailed logs) and a single small instance (2 cores, 4 GB RAM, 20 GB HDD) resulted in around 830 transactions per second (read and write mixed) and 1100 transactions per second (read-only). For a larger instance (4 cores, 8 GB RAM, 600GB Premium SSD) the results were around 3400 (read and write) and 19000 (read-only) transactions per second. The database was initialized using `pgbench -i -s 1000 -h <ip> -U <username> <dbname>`. For benchmarking the command line used was `pgbench -c 20 -T 300 -h <ip> -U <username> <dbname>` for the read/write tests, and `pgbench -c 20 -T 300 -S -h <ip> -U <username> <dbname>` for the read-only tests.

{% hint style="info" %}
**Note:** To cite the [<mark style="color:blue;">pgbench docs</mark>](https://www.postgresql.org/docs/current/pgbench.html) : "It is very easy to use pgbench to produce completely meaningless numbers". The numbers shown here are only ballpark figures and there are no performance guarantees. The real performance will vary depending on your workload, the IONOS location, and several other factors.
{% endhint %}