Service Catalog

Service Catalog is a central source of information about the services IONOS Cloud offers to its customers.

Scope of Validity

The Service Catalog is the central source of information about the services IONOS Cloud offers to its customers. This document offers details on the worldwide provision and operation of all services provided by IONOS Cloud (hereinafter referred to as IONOS). It is valid for IONOS SE and its national affiliates.

IONOS Cloud Compute Engine

Under the term “Compute Engine”, IONOS Cloud offers its customers "Infrastructure as a Service" (IaaS) in the form of virtual computing, data storage, and network resources. The customer is able to make use of these resources on a flexible basis as required. The resources used (Cores/vCPUs, RAM, Storage) are billed to the customer by the minute based on a price list, which is valid at the time. Billing of external data transfers is based on data volume.

The customer performs the hiring and returning of resources. IONOS Cloud provides interfaces for this purpose so that the customer can control the resources in a flexible manner. Interfaces currently available are Data Center Designer (DCD) Cloud API

IONOS Cloud Compute Engine model

Data Center Designer

IONOS Cloud provides the customer with access to a personalized web application called the “Data Center Designer” (DCD). The DCD can be accessed via modern Internet browsers. Specifically, the DCD allows the customer to both control and manage the services or sub-services provided by IONOS Cloud, including:

• Creating, editing, and deleting virtual data centers

• Creating, (re-)starting, stopping, and deleting virtual servers, including optional storages

• Configuring/modifying existing virtual servers, including optional storages

• Creating, editing, and deleting snapshots

• Uploading, editing, using, and deleting private images

• Reserving and managing static public IP addresses

• Creating and managing private and public LANs, including firewall setups

• Creating and managing SSH keys

• Management of integrated Cloud services (e.g., IONOS Object Storage, Managed Kubernetes, Backup Service)

Multi-User Management

Account Types

The authentication on the Data Center Designer requires that an account is assigned at least one username and one password. There are three distinct types of accounts:

• Contract Owner – This account is created automatically for the user who initially registered with IONOS Cloud. Only one "Contract Owner" account can exist per contract made with IONOS Cloud. A “Contract Owner” is authorized to fully access all resources, create and delete “User” accounts, and assign an “Administrator” role to them.

• Administrator - This role has the same privileges as the "Contract Owner", except this account type is restricted from changing the contract payment method. “Administrators” can assign “Administrator” roles to “User” accounts. It is possible to revoke the "Administrator" role after it has been assigned.

• User - This is the most basic account type. “Contract Owner” and "Administrator" account types can create or delete an unlimited number of accounts of the "User" type. This account type can be upgraded to the "Administrator" role and assigned specific privileges.

Resource Authorization

Multi-user management controls access to the following resource types:

• Virtual Data Centers

• Snapshots

• Images

• IP Blocks

• Backup Units

• Kubernetes Clusters

The assigning of rights is based on Groups. A Group contains one or several “User” accounts. A “User” account can be a member of several Groups. "Contract Owner" or “Administrator” accounts do not need to be managed in groups as they have access to all contracted resources.

Multi-user management distinguishes between the following authorizations for resources:

• Read – The resource and the objects they contain are visible. The attributes of objects can be displayed. The resource and the object it contains cannot be changed, nor can additional objects be added. The read authorization is implicit as soon as a group is assigned to a resource.

• Edit – The resource and the objects they contain are visible. The attributes of objects can be displayed and changed. The resource and the objects they contain can be deleted.

• Sharing – Authorizations for access to the resource can be changed.

Group Rights

The following group rights can be configured per group:

• Create Data Center: create new virtual data centers

• Create Snapshots: create snapshots of storages for which the group members hold at least “read” authorization

• Reserve IP Blocks: reserve additional IPv4 blocks and/or give back IPv4 blocks, which are available to the group members via the “edit” authorization

• Create Internet Access: Allows provisioning of public LANs inside a virtual data center

• Use Object Storage: access IONOS Object Storage

• Create Backup Units: create a new Backup Unit account for backup agent registration and activation

• Create Kubernetes Clusters: create new Kubernetes clusters

• Access Activity Log: view Activity Logs for the entire contract

Two-Factor Authentication

For every account that is configured for access to the IONOS Cloud DCD (“Contract Owner”, "Administrator" or “User”), the use of 2-Factor Authentication can optionally be configured with a one-time password pursuant to RFC 6238 TOTP. 2-Factor Authentication provides increased security during the login process. In addition to their user name and password, when they log in, they are required to provide a code, which is generated using a special application (an “authenticator”).

Each account type can activate or deactivate this option in the DCD > Account management > Security for the respective account.

“Contract Owner” type accounts can set Two-Factor Authentication as a mandatory requirement for "Administrator" and “User” type accounts.

SSH Key Support

Prior to provisioning, customers can inject the public part of an SSH key prior to provisioning using the IONOS Cloud DCD or Cloud API (version 2.0 or higher) in order to create an SSH login for storage volumes based on a public IONOS Cloud Linux image. This feature is not available for snapshots, private images, Windows OS images, and MS SQL images provided by IONOS Cloud.

In DCD, it is possible to store up to 100 public SSH keys for later re-use. It is possible to mark individual SSH keys as "default" which are applied to every provisioning automatically if previously mentioned requirements are fulfilled. Independent from the SSH key store, customers can also add SSH keys ad-hoc which they did not have previously stored. It is not possible to share access to an SSH key store across multiple users. Each user has access to their own SSH key store independent of their account role.

In Cloud API, it is only possible to add SSH keys ad-hoc. The SSH key store can't be accessed in this manner.

Remote Console

An HTML5 Remote Console is available for every provisioned server via the DCD or the Cloud API. The Remote Console allows the customer complete access to the server's monitor, mouse, and keyboard. The customer has access to his server with the Remote Console even in the absence of SSH or RDP connectivity.

The HTML5 Remote Console has been developed for browsers that do not support Java. It uses HTML5 and JavaScript, which makes it independent of third-party software or additional installations since all it requires is a modern browser.

IONOS Cloud APIs

Auth API

Every IONOS Cloud API requires authentication. Most IONOS Cloud APIs support authentication via basic authentication (username + password) or JSON Web Token (JWT) authentication. The "Telemetry API" only supports JWT authentication.

The IONOS Object Storage API uses its dedicated authentication with IONOS Object Storage credentials (key + secret) that can be retrieved via DCD or Cloud API.

The Auth API facilitates the creation, management, and deletion of JSON Web Tokens.

Cloud API

IONOS Cloud provides the customer with an Application Programming Interface (API). This API gives the customer automated control over the functions from the DCD. Upon request, IONOS Cloud will provide an API reference along with example software (Cloud-CLI) on how the Cloud API can be used (links below).

IONOS Cloud provides access to the Cloud functionality for developers based on REST (Representational State Transfer). All account types are able to use the Cloud API.

Reseller API

The Reseller API allows the customer to manage contracts and their associated admin users. The API allows resellers to create/update/delete subcontracts and update contract resource limits. New contract administrators can also be created, updated, and deleted using the Reseller API.

Activity Log API

The Activity Log API allows the customer the retrieval of a list of activities conducted either in the DCD or in the Cloud API within a specific IONOS Cloud contract. Accounts of the type "Contract Owner" and "Administrator” are authorized by default to access the Activity Log API and are permitted to grant access to the Activity Log API for the "User" type accounts.

Billing API

The Billing API enables “Contract Owner” type accounts to check current usage and the latest invoices of their IONOS Cloud account.

Monitoring as a Service (Legacy) API

The Monitoring as a Service API allows the management of alarms and alerts of the Monitoring as a Service product as well as retrieving a list of events that got triggered. It does not return metrics that are provided by the Metrics API (see next entry).

Please note that the Monitoring as a Service API runs in the path of CloudAPI but without an explicit version tag.

Telemetry API

The Telemetry API allows retrieval of metric data collected by the Monitoring as a Service product. This API requires authentication via JWT (see AuthAPI above) and does not support basic authentication.

IONOS Object Storage API

IONOS Object Storage API requires authentication with IONOS Object Storage specific key + secret credentials which can be retrieved as well as managed via DCD or CloudAPI. It has specific endpoints per location. Further details are provided in the chapter "IONOS Object Storage".

Virtual Data Center

On the IONOS Cloud platform, the customer can create so-called “Virtual Data Centers” (VDC). A VDC is a repository for all infrastructure resources ordered by the customer. Access to the resources in a VDC – similar to operating a physical data center – is only possible via a corresponding network or internet connection. Within a VDC, the IONOS Cloud software allows for the distribution of various resources to different availability zones.

IONOS Cloud provides the customer with the flexibility to change the ownership of the VDC. Any IONOS Cloud customer who is a billing contract owner has the capability of transferring the ownership of a VDC created under the scope of his account with all related rights and responsibilities to any other customer having a billing contract with IONOS Cloud. In order to change the ownership of his VDC the customer is requested to contact the 24/7 Enterprise Level Support.

Dedicated Core Server

These virtual machines run on dedicated CPU Cores. With Dedicated Core Servers you gain full access to the provisioned CPU resources,free from resource sharing with other virtual machines on the same physical host. This guarantees optimal performance, stability, reduced latency and predictable performance. You can freely configure the number of cores and RAM required for your workloads, while choosing from the available CPU types available in your current VDC. Dedicated Core Servers can boot from a storage volume, a CD-ROM, or a NIC.

Furthermore, it is also possible for a Dedicated Core Server to be configured with the help of advanced settings for the use of “Live Vertical Scaling” (LVS). LVS allows further resources to be added to your virtual machine while the operating system is in use. The scaling of resources without having to restart your virtual machine can be applied as follows:

• Upscaling: CPU, RAM, NICs, storage volumes,

• Downscaling: NICs, storage volumes.

For IONOS Cloud provided public Images, LVS is activated by default. LVS capabilities on private images and snapshots can be changed before applying them to new instances. The Image Manager provides edit functionality to these properties. Linux supports all standard LVS functions, Windows server instances, however, only support upscaling of CPU, NICs and storage volumes, and downscaling of NICs at this time. LVS for RAM is possible starting from 1 GB RAM and in full increments of GB.

Possible configurations of a virtual server are presented in the table below:

AMD Processors

* Increment/decrement of 1 GB when LVS is activated, RAM expansion beyond the defined maximum size possible on request.

Intel Processors

* Increment/decrement of 1 GB when LVS is activated, RAM expansion beyond the defined maximum size possible on request.

Core

IONOS Cloud lets the customer assign appropriate processing power in the form of cores. IONOS Cloud will allocate these exclusively to the virtual server specified by the customer.

The different data center locations may be equipped with different CPU models. If the CPU model is listed below, but not displayed on the contract, please contact the IONOS Cloud support team for further assistance.

AMD Core

IONOS Cloud offers EPYC processors in selected locations, optimized for high performance within Cloud infrastructure.

The current processor design allows for a high number of cores within one host system. Therefore, virtual machines may have up to 62 AMD cores.

Intel Core

The Intel Xeon processors provided by IONOS Cloud include both Gen 5 and Gen 6 models, each utilizing advanced multi-core technologies.

Intel Xeon 5 cores from the Haswell, Skylake, and Ice Lake families support hyper-threading, allowing each physical core to handle two simultaneous threads. This can improve performance by enabling more efficient parallel processing, provided the software supports multi-threading. Modern operating systems, including Windows and Linux, can fully leverage this feature.

The latest Gen 6 Intel Xeon processors, including Sierra Forest, use a multi-core architecture, where each physical core is presented as a single core within your virtual machine. This design ensures efficient and optimized resource allocation for demanding workloads in cloud environments.

Host Systems

A large number of host systems are kept ready at each location for operating virtual servers for the customers. Each host server is redundantly connected to the InfiniBand network. The host systems are assembled by the manufacturers based on our specifications and then delivered to the site.

vCPU Server

vCPU servers provide a good balance of compute resources, which are ideal for a wide range of applications. Unlike Dedicated Core Servers, which come with guaranteed dedicated resources, vCPU servers do not. This means that CPU resources are optimized by the hypervisor. The vCPU servers are well-suited for typical workloads that prioritize cost-efficiency and can accommodate variations in performance. Within the DCD or Cloud API, you can freely configure the ratio of vCPUs to RAM for your virtual machines. However, unlike the Dedicated Core Servers product, you do not have the option to choose the CPU type for your vCPU server.

Currently, vCPU Servers are currently available in:

• Berlin, Frankfurt (Germany)

• Logroño (Spain)

• London (United Kingdom)

• Worcester (United Kingdom)

• Paris (France)

• Las Vegas (US)

• Lenexa (US)

vCPU Servers can boot from a storage volume, a CD-ROM, or a NIC.

Additionally, vCPU Servers can utilize "Live Vertical Scaling" (LVS) for advanced configuration. LVS enables adding resources like vCPUs, RAM, NICs, and storage to a running virtual server without requiring a restart. This scaling process can be done to increase or decrease resources.

Limitations

• Larger RAM sizes can be made available on request.

• While provisioning the vCPU Server product, users cannot select the CPU Model through the DCD or Cloud API.

• Customer cannot auto-migrate from vCPU Server type to Dedicated Core Virtual Servers. A virtual machine recreation process is required.

• vCPU can be single or multi-threaded, depending on the underlying hardware.

IONOS Cloud Cubes

Cubes are a separate type of virtual machine. While Virtual Servers use Cores exclusively, IONOS Cloud Cubes share them with other Cubes instances and expose virtual CPUs (vCPU). Still, these virtual machines are fully isolated and separated so that no data is accessible by any other virtual machine running on the same physical core.

In addition, Cubes are delivered with one NVMe storage, that is directly attached to the physical server unit. This block storage device utilizes one of the PCI slots available by default.

IONOS Cloud Cubes is designed for cost optimization and workloads for which failover gets realized by the application and not the infrastructure. IONOS Cloud Cubes is currently rolled out to all European locations but may not be available to specific virtual data centers even if the feature is announced for availability in a particular location. Due to technical dependencies, IONOS Cloud Cubes may not be available for all legacy virtual datacenters in the location Frankfurt. The product should be available for newly created virtual datacenters. Currently, IONOS Cloud Cubes are released in:

• Berlin (Germany)

• Frankfurt (Germany)

• London (UK)

• Worcester (UK)

• Paris (France)

• Logroño (Spain)

• Newark (US)

• Lenexa (US)

A Cubes instance consists of the following components:

• Virtual CPUs

• Memory (RAM)

• Network interface cards NIC (optional)

• Direct Attached NVME Storage volume (mandatory)

• Block Storage volumes (optional)

• CD-ROMs (optional)

In comparison to Virtual Servers, IONOS Cloud Cubes get ordered by pre-defined instance size templates and cannot be configured in a fully flexible model.

Starting from October 1, 2024, IONOS is introducing new Cubes instances:

The following Cubes instances will not be available for new deployments after October 1, 2024 but will remain deployed and active for existing deployments:

Cubes can boot from any storage volume, a CD-ROM, or a NIC.

This type of instance does not support "Live Vertical Scaling" (LVS) of CPU or RAM even if it is enabled on an image. It is not possible to migrate in higher or lower tiers of Cubes.

LVS is limited to NICs and block storage volumes. Please note that the number of directly attached NVMe storage volumes is limited to 1 (one) and it cannot be expanded, delete, removed from the Cubes instance or migrated to any other instance. Attaching further block storage volumes must be of type HDD or SSD. The scaling of resources without having to restart a virtual server can be applied as follows:

• Upscaling: NICs, HDD/ SSD storage volumes

• Downscaling: NICs, HDD/ SSD storage volumes

Additional Services

IONOS Cloud Cubes can be used inside a virtual data center in combination with any other service provided in this location.

Host Systems

IONOS Cloud operates different types of host systems based on AMD as well as Intel CPU architecture. All systems are configured to deliver the same performance. A specific CPU type cannot be selected by the customer nor guaranteed by the IONOS Cloud.

IONOS Cloud Block Storage

IONOS Cloud Hard Disk Drive (HDD) and Solid State Drive (SSD) Block Storage allow the customer to make use of a dual-redundant storage system. Each block storage created by the customer is stored on two storage servers, providing active-active redundancy. For additional data protection, every storage server is based either on a hardware RAID system or on a software RAID system.

Direct Attached Storage (DAS) Block Storage based on Non-Volatile Memory Express (NVMe) are single-redundant storage systems. As this storage is installed directly into the physical server hosting the virtual machine, the storage volume is not stored across two servers. However, every DAS volume is covered by a software RAID system.

Access to the HDD and SSD volumes requested by the customer is achieved via the internal InfiniBand (RDMA) network. DAS volumes are connected to the mainboard of the server and benefit from fast peripheral component interconnect express (PCI express) bus performance.

For Solid State Drive volumes, IONOS Cloud offers two performance classes that can be selected at the time of ordering the volume. SSD Premium is optimized for high performance while SSD Standard is recommended for fast data access with general-purpose scenarios.

HDD as well as DAS volumes deliver a static performance profile independent of the volume size. In comparison, SSD volumes deliver higher performance depending on the volume size and get capped at a specific size.

*Larger volumes available on request.

*Larger volumes available on request.

*Larger volumes available on request.

Snapshot

IONOS Cloud allows the customer to create so-called snapshots of individual block storages (HDD, SSD, DAS). A copy of each block storage can be accessed (and deleted) via DCD and Cloud API, and new block storage of any type can be created based on a snapshot. The provisioning speed is 50 MB/s.

Available Images

The following list provides an overview of the standardized images provided by IONOS:

Open Source Linux

• Alma Linux

• Debian Linux

• Rocky Linux

• Ubuntu Linux

Enterprise Linux

• Red Hat Enterprise Linux

Microsoft Windows Server

• Microsoft Windows Server 2016

• Microsoft Windows Server 2019

• Microsoft Windows Server 2022

• Microsoft Windows Server 2025

Microsoft SQL Server

• Microsoft SQL Server 2019 (Web, Standard, Enterprise)

• Microsoft SQL Server 2022 (Web, Standard, Enterprise)

New versions of the standardized images may be added and old versions will be removed when the vendor no longer supports them.

Image Upload

IONOS Cloud allows the customer to upload their own images to the infrastructure via upload servers. This procedure is to be completed individually for each data center location. IONOS Cloud optionally offers transmission with secure transport (TLS). The uploading of HDD and CD-ROM/DVD-ROM images is supported. Specifically, the uploading of images in the following formats is supported:

CD-ROM / DVD-ROM

• *.iso ISO 9660 image file

HDD Images

• *.vmdk vmware HDD images

• *.vhd, *.vhdx HyperV HDD images

• *.cow, *.qcow, *.qcow2 Qemu HDD images

• *.raw binary HDD image

• *.vpc VirtualPC HDD image

• *.vdi VirtualBox HDD image

A dedicated upload server is available for each data center location. Images can be transmitted to the upload server encrypted via FTPS (FTP-TLS) or unencrypted via FTP.

The following upload servers are available:

• Berlin: ftp-txl.ionos.com

• Frankfurt: ftp-fra.ionos.com

• Karlsruhe: ftp-fkb.ionos.com

• London: ftp-lhr.ionos.com

• Worcester: ftp-bhx.ionos.com

• Paris: ftp-par.ionos.com

• Logroño: ftp-vit.ionos.com

• Las Vegas: ftp-las.ionos.com

• Newark: ftp-ewr.ionos.com

• Lenexa: ftp-mci.ionos.com

Once the image has been transmitted to the upload server, the image will be converted into the internal image format of IONOS Cloud. The user will be informed by email when the conversion process starts.

Once the conversion is complete, the image will be available for use in the DCD or Cloud API under the name by which it was transmitted to the upload server.

Data Upload Service

IONOS Cloud offers customers the ability to transfer large amounts of data via a physically mailed data storage medium. This service supports a variety of data carrier interfaces like USB or SATA. To ensure data security, the data on the delivered data storage medium must be encrypted and have a total size of at least 1 TB.

All uploads are performed as a 1:1 copy to a volume and provided in the data center chosen by the customer. The customer is able to attach this volume to a virtual server of their choice in the chosen virtual data center.

After the upload is complete, the data storage medium will be returned to the customer. The data upload service can be requested by the 24/7 Enterprise Level Support.

Storage Availability Zones

In order to secure data, improve reliability and create high availability scenarios, customers can assign availability zones to HDD and SSD storage volumes (Storage Availability Zone for SSD in data center location Karlsruhe is not provided). DAS storage volumes do not support availability zones as they are installed on the physical compute servers directly. Virtual storage volumes, to which different storage availability zones are assigned operate on different physical resources. Availability zones can be assigned using the DCD or the Cloud API.

Cloud-Init

IONOS Cloud offers Cloud-Init support for all of its Linux images. For Windows images, no Cloud-Init functionality is provided. The feature is activated in all locations. All public IONOS Cloud Linux images support Cloud-Init. For private images, it is the customer's responsibility to make sure that their own images support Cloud-Init.

At the moment, IONOS Cloud supports the injection of user-data. Meta-data injection may be provided at a later point in time.

Virtual Network

IONOS Cloud allows virtual entities to be equipped with network cards (“network interface cards”; NICs). Only by using these virtual network interface cards is it possible to connect multiple virtual entities together and/or to the Internet.

The maximum external throughput may only be achieved with a corresponding upstream of the provider.

Compatibility

• The use of virtual MAC addresses and/or the changing of the MAC address of a network adapter is not supported. Among others, this limitation also applies to the use of CARP (Common Address Redundancy Protocol).

• Gratuitous ARP (RFC 826) is supported.

• Virtual Router Redundancy Protocol (VRRP) is supported based on gratuitous ARP. For VRRP to work, IP failover groups must be configured.

External Network

Depending on the location, different capacities for transmitting data to or from the Internet are available for operating the IONOS Cloud service. Due to the direct connection between the data centers at the German locations, the upstream can be used across locations.

The total capacity of each respective location is described below:

IONOS backbone AS-8560, to which IONOS Cloud is redundantly connected, has a high quality edge capacity of 3000 Gbps with 3500 IPv4/IPv6 peering sessions, available in the following Internet and peering exchange points: AMS-IX, BW-IX,DE-CIX, NL-IX, ESPANIX, Equinix, FranceIX, KCIX, LINX.

Internal Network

IONOS Cloud operates redundant networks at each location, offering connections up to 100 Gbps.

IONOS Cloud uses high-speed networks based on InfiniBand technology both for connecting the central storage systems and for handling internal data connections between customer servers.

Core Network

IONOS Cloud operates a high availability core network at each location for the redundant connection of the product platform. All services provided by IONOS Cloud are connected to the Internet via this core network.

The core network consists exclusively of devices from brand manufacturers. The network connections are completed via an optical transmission network, which, by use of advanced technologies, can provide transmission capacities of several hundred gigabits per second. Connection to important Internet locations in Europe and America guarantees the customer an optimal connection at all times.

Data is not forwarded to third countries. At the customer’s explicit request, the customer can opt for support in a data center in a third country. In the interests of guaranteeing a suitable data protection level, this requires a separate agreement (within the meaning of article 44-50 DSGVO and §§ 78 ff. BDSG 2018).

IP Address Management

IONOS Cloud provides the customer with both IPv4 and IPv6 public IP addresses that, depending on the intended use, can be booked either permanently or for the duration for which a virtual server exists. Currently, only IPv4 addresses can be booked by the customer. These IP addresses provided by IONOS Cloud are only needed if connections are to be established over the Internet. Internally, virtual machines can be freely networked. For this, IONOS Cloud offers a DHCP server that allows and/or simplifies the assignment of IP addresses. However, one can establish one’s own addressing scheme.

Public IPv4 Addresses

Every virtual network interface card that is connected to the Internet is automatically assigned a public IPv4 address by DHCP. This IPv4 address is dynamic, meaning it can change while the virtual server is operational or in the case of a restart.

Customers can reserve static public IPv4 addresses for a fee. These reserved IPv4 addresses can be assigned to a virtual network interface card, which is connected to the Internet, as primary or additional IP addresses.

Private IPv4 Addresses

In networks that are not connected to the Internet, each virtual network interface card is automatically assigned a private IPv4 address. This is assigned by the DHCP service. These IPv4 addresses are assigned statically to the MAC addresses of the virtual network interface cards.

The use of the IP address assignment can be enabled or disabled for each network interface card. Any private IPv4 addresses pursuant to RFC 1918 can be used in private networks.

Public IPv6 Addresses

Every virtual data center is assigned a public /56 IPv6 CIDR block by default. Customers can choose to enable IPv6 in a LAN as per their needs and a maximum of 256 IPv6 enabled LANs can be created per VDC. On enabling IPv6 in a LAN, the customer can either select a /64 IPv6 CIDR block from the /56 IPv6 CIDR block assigned to the VDC or have a /64 block automatically assigned to the LAN. Public IPv6 addresses are assigned to both private and public LANs.

Every connected virtual network interface card is then assigned a /80 IPv6 CIDR block and a single /128 IPv6 address either automatically, or the customer can also select both. They must though both be assigned from the /64 IPv6 CIDR block assigned to the corresponding LAN. The first public IPv6 address is assigned by DHCP and in total a maximum of 50 IPv6 addresses can be assigned per network interface. IPv6 addresses are static, meaning they remain assigned in the case of a virtual server restart.

Network Services

Cloud Connect

Cloud Connect enables the customer to create a direct and dedicated Layer-3 connection between their company network and their virtual data center (VDC). The customer can use Cloud Connect if both of the following conditions are fulfilled:

1. The connecting VDC is operated at the locations of Frankfurt, Berlin, or Las Vegas.

2. The customer has a dedicated line connection to the corresponding data center.

A connection can take place in different ways, for example, Dark-Fiber, MPLS, or Cross Connect. For this purpose, the customer can contract a telecommunications company to establish the connection.

The 24/7 Enterprise Level Support is available to assist with any questions concerning the topic of Cloud exchange and connection.

IP-Failover

The IONOS Cloud IP-Failover feature helps to minimize packet loss for high availability or failover setups in the event that one of the virtual machines experiences an outage. By setting up IP-Failover groups for public traffic, customers can define the network interfaces of virtual servers that are part of a high availability setup.

“User” type accounts can create or edit IP-Failover groups using only reserved IP addresses, for which they have been granted access. The IP-Failover feature only provides provisioning of the same IP to multiple network interfaces from different virtual servers on the same LAN. It does not monitor the availability of the service to be accessed by the given IP. The monitoring and GARP announcements to gateways must be made by the customer individually on each virtual server that is a member of an IP-Failover setup.

IP Failover groups cannot be created for IPv6 addresses and is an IPv4 only feature.

Classic Load Balancing

IONOS Cloud offers the customer the function of a Classic Load Balancer for public traffic within their infrastructure. This load balancer distributes the incoming network traffic according to an ECMP algorithm on the servers configured behind the load balancer. The Classic Load Balancer is for basic balancing scenarios and does not provide granular configuration or health checks.

Firewall

IONOS Cloud allows the customer to use a software firewall within their infrastructure. For this purpose, the virtual network interface cards of a virtual server can be assigned a packet filter. The network traffic, which is aimed at the virtual server, is already filtered before the customer’s virtual machine.

Network Security Groups

IONOS Cloud enables customers to establish Network Security Groups (NSGs) that act as centralized policy managers for firewalls. These NSGs facilitate the filtering of network traffic both to and from virtual network resources within a specific Virtual Data Center (VDC).

Each NSG comprises security firewall rules that manage ingress (incoming) and egress (outgoing) network traffic. These rules apply to Network Interface Cards (NICs) and Virtual Machine (VM) resources that are configured as members of the NSG.

Network Security Groups are subject to the below limits

• Number of NSGs that can be created per VDC: 200

• Number of rules that can be created per NSG: 100

• Number of NSGs a VM can be a member of: 10

• Number of NSGs a NIC can be a member of: 10

DHCP

For every network interface of a virtual server, IONOS Cloud provides an IP configuration via DHCP. In this context, the type of configuration distinguishes between whether the network interface is connected with the public Internet or a private Ethernet.

Public Internet

The following parameters are provided for the configuration via DHCP:

• Public IPv4 address

• Network mask (255.255.255.255)

• Gateway address

• DNS server address

• MTU (1,500)

Similarly, DHCPv6 is supported for IPv6 public addresses

Private Networks

The following parameters are provided for the configuration via DHCP:

• Private IP address (10.x.x.x)

• Network mask (255.255.255.0)

• MTU (1,500)

The DHCP server always uses the address A.B.C.1 in the class C network, which corresponds to the assigned IP address.

The configuration through DHCP can be optionally activated or deactivated via network interface (DCD, or Cloud API). The configuration via DHCP is activated for newly created network interfaces.

DNS

Cloud DNS

IONOS Cloud DNS allows customers to publish Domain Name System (DNS) zones for their domains and subdomains on public Name Servers.

Customers can manage their DNS zones and records via the Cloud DNS API and also create and manage Reverse DNS records for IPv4 and IPv6 addresses.

The IONOS Name Server infrastructure is distributed across 14 points of presence (POPs) in Europe and the USA to ensure fast and reliable DNS resolution for customers in these locations.

Caching DNS

For the resolution of public domain names, IONOS Cloud operates a redundant set consisting of two DNS servers at every data center location.

These DNS servers are operated as “caching” DNS servers and/or DNS resolvers, and are automatically assigned to the virtual customer entities via the DHCP IP address resolution.

Customer-specific internal domains cannot be resolved on caching DNS servers.

Reverse DNS

A standard reverse entry is assigned to all public IPv4 addresses, which are assigned to the virtual entities.

These entries follow the format ipAAA-BBB-CCC-DDD.pbiaas.com, whereby AAA-BBB-CCC-DDD corresponds to the IPv4 octets.

For statically assigned IPv4 and IPv6 addresses, the existing reverse entry can be adapted according to the customer requirements via Cloud DNS API.

IONOS DDoS Protect

IONOS DDoS Protect is a managed Distributed Denial of Service defense mechanism, which ensures that every customer resource hosted on IONOS Cloud is secure and resilient against Layer 3 and Layer 4 DDoS attacks. This is facilitated by a filtering and scrubbing technology, which in the event of detection of an attack filters the malicious DDoS traffic and lets through only the genuine traffic to its original destination. Hence, enabling applications and services of our customers to remain available under a DDoS attack.

Known attack vectors regularly evolve and new attack methods are added. IONOS Cloud monitors this evolution and dedicates resources to adapt and enhance DDoS Protect as much as possible to capture and mitigate the threat.

The service is available in all of our data centers. The service is available in two packages:

DDoS Protect Basic: This package is enabled by default for all customers and does not require any configuration. It provides basic DDoS Protection for every resource on IONOS Cloud from common volumetric and protocol attacks and has the following features:

• DDoS traffic filtering - All suspicious traffic is redirected to the filtering platform where the DDoS traffic is filtered and the genuine traffic is allowed to the original destination.

• Always-On attack detection - The service is always on by default for all customers and does not require any added configuration or subscription.

• Automatic Containment - Each time an attack is identified the system automatically triggers the containment of the DDoS attack by activating the DDoS traffic and letting through only genuine traffic.

• Protection against common Layer 3 and 4 attacks - This service protects every resource on IONOS Cloud from common volumetric and protocol attacks in the Network and Transport Layer such as UDP, SYN floods, etc.

DDoS Protect Advanced: This package offers everything that is part of the DDoS Protect Basic package plus advanced security measures and support.

• 24/7 DDoS Expert Support - Customers have 24/7 access to IONOS Cloud DDoS expert support. The team is available to assist customers with their concerns regarding ongoing DDoS attacks or any related issues.

• Proactive Support - The IONOS Cloud DDoS support team, equipped with alarms, will proactively respond to a DDoS attack directed towards a customer's resources and also notify the customer in such an event.

• On-demand IP specific DDoS filtering - If a customer suspects or anticipates a DDoS attack at any point in time, they can request to enable DDoS filtering for a specific IP or server owned by them. Once enabled, all traffic directed to that IP will be redirected to the IONOS Cloud filtering platform where DDoS traffic will be filtered and genuine traffic will be passed to the original destination.

• On-demand Attack Diagnosis - At the customer's request, a detailed report of a DDoS attack is sent to the customer, explaining the attack and other relevant details.

NOTE: IONOS Cloud sets forth Security as a Shared Responsibility between IONOS Cloud and the customer. We at IONOS Cloud strive at offering a state-of-the-art DDoS defense mechanism. Successful DDoS defense can only be achieved by a collective effort on all aspects including optimal use of firewalls and other settings in the customer environment.

Flow Logs

Flow log is a feature that allows you to capture data related to IPv4 and IPv6 network traffic flows. Flow logs can be enabled for any network interface of a virtual machine (VM) instance, the Managed Network Load Balancer, the Managed Application Load Balancer, as well as the public interfaces of the Managed Network Address Translation** (**NAT) Gateway.

Flow logs can help you with a number of tasks such as:

• Debugging connectivity and security issues

• Monitoring network throughput and performance

• Logging data to ensure that firewall rules are working as expected

The service can be configured for the direction of network traffic (ingress, egress, bi-directional) as well as action (accepted, rejected traffic packets, or any). Data is collected by the services and submitted in a compressed file to a customer's IONOS Object Storage bucket, which can be specified by the customer at the time of flow log activation.

The service will not update existing files but will send new flow log records in a new compressed in an interval of 10 minutes.

Certificate Manager

The Certificate Manager streamlines the management of SSL/TLS certificates for your websites and applications, simplifying the processes of obtaining, installing, and renewing certificates. This ensures secure web traffic and the protection of sensitive data.

Key Features

• Simplified Management: Easily manage SSL/TLS certificates, ensuring efficient and consistent security across all your digital properties.

• Automated Workflows: Automate the issuance and renewal of certificates using ACME protocol-based domain validation, removing the hassle of manual uploads for certificates and keys.

• Seamless Integration: Effortlessly integrate with IONOS services like Managed Application Load Balancer, CDN, and API Gateway to secure your workloads.

By providing these enhanced capabilities, the Certificate Manager helps secure your infrastructure while improving the efficiency of certificate management across cloud services.

IONOS Cloud Managed Services

AI Model Hub

The AI Model Hub is a versatile platform designed to simplify access and deployment of generative AI models. It offers these services within the secure, GDPR-compliant cloud infrastructure of IONOS. Tailored for businesses of varying sizes, this platform removes the complexities of managing AI infrastructure by providing easy access to open-source AI models. Users can leverage the platform for tasks like text generation and image creation through intuitive APIs, ensuring that AI integration is flexible and scalable. Additionally, it allows businesses to upload their data into vector databases, where the data is organized into document collections and transformed into embeddings. This enables more personalized AI outcomes through advanced technologies like Retrieval Augmented Generation (RAG).

Available locations: Berlin

API Gateway

API Gateway is a service that acts as a unified public access point for API requests. It facilitates effortless integration and interaction among services, applications, and clients. Its purpose is to streamline the creation, deployment, and management of APIs while ensuring scalability and security.

Using API Gateway, you can oversee API utilization, monitor performance indicators, and produce logs for assessment and problem-solving. It also allows for the routing of incoming API requests to the correct backend services according to specified routing rules, promoting effective communication between clients and services.

Supported Protocols

The API Gateway service supports the following protocols:

• HTTP

• HTTPS

• WebSocket

• gRPC

Load Balancing Method

For load balancing, the service employs a combination of round-robin with weights and least connections algorithms. For further details, please refer to the documentation.

Quotas and Limits

Available Locations

The API Gateway service can be provisioned in the following locations, but the service can be consumed and utilized globally, considering your performance and latency requirements. Roll-out to more locations will follow soon.

Available Locations:

• Berlin (DE)

• London (UK)

• Paris (FR)

• Logroño (ES)

Databases

IONOS Database as a Service (DBaaS) is a comprehensive web service designed to simplify the setup, operation, and scaling of databases within the IONOS Cloud. This managed solution offers cost-efficient, resizable capacity for industry-standard databases, ensuring high availability, performance, and reliability. Hosted and integrated within the IONOS Cloud ecosystem, it alleviates common database administration tasks, providing an integration with other IONOS Cloud services.

IONOS DBaaS currently supports the following engines:

• In-Memory DB

• MariaDB

• MongoDB

• PostgreSQL

Every database engine in our DBaaS has a unique set of supported features designed to improve performance and functionality. Additionally, as each database engine evolves, new versions introduce distinct features, ensuring that database capabilities continuously improve and adapt to the latest technological advancements.

IONOS Cloud Managed Kubernetes

IONOS Cloud Managed Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Container technology makes software development more flexible and agile, however, it is quite complex to manage and requires a certain level of expertise.

IONOS Cloud Managed Kubernetes facilitates the fully automated setup of Kubernetes clusters. Several clusters can also be quickly and easily deployed, for example, to set up staging environments, and then deleted again if necessary. Kubernetes also significantly simplifies the automation of CI/CD pipelines in terms of testing and deployment.

IONOS Cloud Managed Kubernetes solution offers maximum transparency and control of the K8s cluster. This includes:

• Fully automated setup of entire K8s clusters and K8s node pools (with optional horizontal auto-scaling of nodes)

• Highly-available and geo-redundant control plane

• Full cluster admin-level access to Kubernetes API

• Dedicated CPU and memory resource assignment

• Double redundant and persistent HDD/SSD storage

• Easy integration of Cloud services

• Regular security and version updates

IONOS Cloud Managed Kubernetes is free of charge. The customer pays only for the underlying IONOS Cloud infrastructure that is actually needed.

Please note that IPv6 support has limitations for the IONOS Cloud Managed Kubernetes service.

IONOS Private Container Registry

IONOS Cloud Private Container Registry is a universal repository manager that stores and manages custom container images and other OCI-compliant artifacts. It can be used as part of CI/CD workflows for container workloads in IONOS Managed Kubernetes setups. Specifications for the IONOS Cloud Private Container Registry are as follows:

• Highly available service is managed, including any components on which it is built.

• Located in the region of Frankfurt am Main (DE) (further locations will follow).

• Support of the Docker Registry HTTP API V2.

• More than one repository per registry.

• Support of permanent and temporary access authentication tokens.

• Data encrypted at rest.

• Garbage Collection to release storage space.

• Vulnerability Scanning of artifacts to identify security vulnerabilities.

Available locations: Frankfurt

IONOS Cloud Logging Service

The IONOS Cloud Logging Service is designed to facilitate the logging, monitoring, and analysis of application and infrastructure logs. It encompasses a diverse set of features aimed at enabling effective log monitoring and analysis, providing valuable insights into system behavior. Utilizing this service has the potential to enhance operational efficiency, bolster security measures, and elevate visibility into the performance and errors within your system. To use the logging service, users must have the appropriate privileges, which can be configured through the DCD or Cloud API. As a public service, logs can be sent from any location, including remote sources or systems outside the IONOS Data centers.

The service provides a dedicated log server per logging pipeline instance to every customer or user. Each instance has a dedicated log server endpoint.

The architecture of the IONOS Cloud Logging Service enables:

• Data Collection

• Data Aggregation

• Indexing and Storage

• Analysis and Reporting

The following log sources are currently supported:

• Kubernetes

• Docker

• Systemd

• HTTP (JSON REST API)

• Generic

The IONOS Cloud Logging Service can be managed only through the Logging API at the moment, Alerting and Reporting are available through Grafana.

Limitations

• The service is available only through REST API - No full DCD Integration yet

• main - Rate and Bandwidth limit per pipeline for log ingestion:

  • Default HTTP rate limit: 50 requests per second

  • Default TCP bandwidth: approximately 10,000 logs per second

• Maximum 5 pipelines per contract

• 10 log streams per pipeline.

• Only Linux Servers are supported (Windows Planned)

Available locations: Berlin, Frankfurt, Paris, Logroño and London.

Event Streams for Apache Kafka

Fully managed Apache Kafka service delivering single‑tenant clusters for real‑time event streaming while IONOS handles deployment, scaling, patching and monitoring.

Key Features

• Provision Kafka clusters natively inside an IONOS Public Cloud VDC

• Fixed size profiles (XS – XL) with automatic fail‑over

• TLS‑encrypted endpoints; user & ACL management via API or Data Center Designer

• Optional private‑LAN peering for internal workloads

Managed Stackable Data Platform

The Managed Stackable Data Platform unifies the distribution and management of several open-source Data tools, in a managed, secure, and hassle-free way, running on the IONOS Cloud Managed Kubernetes. It provides a common feeling and configuration/CLI over all the included tools while avoiding vendor lock-in by providing an open-source solution.

Its base technology is the Stackable Data Platform which, given its open and modular approach, allows the creation of different data stacks according to the use cases required by the customer.

It includes the following tools:

For this service, IONOS Cloud provides and maintains a management API, the underlying Managed Kubernetes infrastructure, the Stackable distribution and its updates, security, and bug fixes. The customer is responsible for the setup of their data stack, the data being processed, the processing instructions, or the client software.

Managed Network Load Balancer

IONOS Cloud offers a Managed Network Load Balancer (NLB) that is balancing layer 4/ TCP-based network traffic. This service is available in all locations.

Network Load Balancers can be provisioned as a private as well as a public load balancer. A public load balancer requires the configuration of a reserved public IP address for the target configuration. The network load balancer allows the configuration of multiple, individual load balancer rules which can be applied to virtual machines being members of the listener LAN.

The Network Load Balancers support multiple load balancing algorithms.

• Round Robin

• Least Connection

• Random

• Source IP

Furthermore, it offers options to specify health parameters to include or exclude nodes from the balancing configuration as well as manually remove listener targets from the load balancer (e.g. when the node is in maintenance).

The number of Managed Network Load Balancers per contract is limited to five (5) NLBs. This limit can be adjusted by contacting the IONOS Cloud Support Team.

The Managed Network Load Balancer supports the recording of Flow Logs.

The Managed Network Load Balancer operates in high-availability mode and service recovery is executed within seconds. The Managed Network Load Balancer will be regularly maintained by IONOS and updated with the latest software versions and new features. IONOS reserves a weekly maintenance window that it can use for regular updates. It is scheduled every Monday between 02:00 - 04:00 am local time of the data center in which the Managed Network Load Balancer service is deployed. During maintenance, a service interruption of up to 5 seconds may occur.

Additional update deployments may be possible and carried out outside the maintenance window, for example, in the case of urgent security patches.

Managed Application Load Balancer

Next to the Managed Network Load Balancer, IONOS Cloud also offers a Managed Application Load Balancer (ALB) that is balancing layer 7/ HTTP(s)-based network traffic. This service is available in all locations. While the Managed Network Load Balancer forwards the request according to the forwarding rule, the Managed Application Load Balancer will examine the content of the HTTP(s) request header to determine where to route the request based on user-specified forwarding rules. Both types of Managed Load Balancers can be used in a stack for sequential traffic balancing.

Furthermore, the Managed Application Load Balancer can be provisioned as private as well as public load balancers (similar to the Managed Network Load Balancer).

The Managed Application Load Balancer supports HTTP and HTTPS protocols for forwarding rule configuration (incl. port specification). The configurations are managed in target groups which can contain multiple targets. An included SSL/ TLS certificate manager enables TLS offloading of the traffic. In addition, it can identify the server name, thus supporting multiple secure websites using one public IP but individual certificates.

The following types of routing are support:

• Path-based routing

• Hostname-based routing

• Routing support for query strings

• Header-based routing

• URL Redirection

• Static/Fixed response

When forwarding requests, the source IP can be preserved and forwarded in respective headers to the target so that the application can use information about the client that actually made the request.

It offers options to specify health parameters to include or exclude nodes from the balancing configuration as well as manually remove listener targets from the load balancer (e.g. when the node is in maintenance).

The number of Managed Application Load Balancers per contract is limited to five (5) ALBs. This limit can be adjusted by contacting the IONOS Cloud Support Team.

The Managed Application Load Balancer supports the recording of Flow Logs.

The Managed Application Load Balancer operates in high-availability mode and service recovery is executed within seconds. The Managed Application Load Balancer will be regularly maintained by IONOS and updated with the latest software versions and new features. IONOS reserves a weekly maintenance window that it can use for regular updates. It is scheduled every Monday between 02:00 - 04:00 am local time of the data center in which the Managed Application Load Balancer service is deployed. During maintenance, a service interruption of up to 5 seconds may occur.

Additional update deployments may be possible and carried out outside the maintenance window, for example, in the case of urgent security patches.

Managed NAT Gateway

In all locations, IONOS Cloud provides a Managed Network Address Translation (NAT) Gateway. This service is exposing a Source NAT gateway which means it allows access from the virtual instance to the internet but blocks requests from the internet to the virtual infrastructure. This enables internet access to virtual machines without exposing them to the internet by a public interface. While being "hidden" from the internet and not being exposed to threats, the virtual machine still can initiate a connection to the customizable targets on the internet, e.g., to download new software updates or patches.

A Managed NAT Gateway requires the configuration of a reserved public IP address for the target configuration. The Managed NAT Gateway allows the configuration of multiple, individual NAT rules which can be applied to virtual machines being members of the listener LAN individually. These rules allow dedicated configuration of target subnets as well as port ranges which are explicitly allowed to be accessed by virtual machine instances.

The Managed NAT Gateway supports TCP, UDP, and ICMP protocols and up to six private networks per NAT Gateway. The number of Managed NAT Gateways per contract is limited to five (5) gateways. This limit can be adjusted by contacting the IONOS Cloud Support Team.

The Managed NAT Gateway supports the recording of Flow Logs.

The Managed NAT Gateway operates in high-availability mode and service recovery is executed within seconds. The Managed NAT Gateway will be regularly maintained by IONOS and updated with the latest software versions and new features. IONOS reserves a weekly maintenance window that it can use for regular updates. It is scheduled every Monday between 02:00 - 04:00 am local time of the data center in which the Managed NAT Gateway service is deployed. During maintenance, a service interruption of up to 5 seconds may occur.

Additional update deployments may be possible and carried out outside the maintenance window, for example, in the case of urgent security patches.

VPN Gateway

The fully managed VPN Gateway service provides secure and scalable connectivity, enabling encrypted communication between your IONOS cloud resources in a VDC and remote networks (on-premises, multi-cloud, private LANs in other VDCs, etc.).

A VPN Gateway requires configuring a reserved public IP address for the gateway configuration. VPN Gateway supports IPSec and WireGuard VPN protocols and allows the configuration of multiple IPSec tunnels or WireGuard peers for remote connectivity.

CDN

With the IONOS Content Delivery Network (CDN), you can quickly deliver web content and applications to users with exceptional availability and performance. CDN offers a range of security features, including Layer 7 Distributed Denial of Service (DDoS) protection and a Web Application Firewall (WAF), making it an adaptable and secure solution for content delivery. CDN can be configured both via the DCD and CDN API.

IONOS Content Delivery Network (CDN) is a network of servers located across the IONOS global edge network to speed up the delivery of static and dynamic web content to users. CDN uses Anycast routing in IONOS' global backbone network infrastructure, comprising multiple highly available edge locations where the content is distributed, offering reduced latency and high reliability of content loading on websites.

Currently, CDN hosts its edge locations in two European metro regions.

Monitoring Service

Monitoring Service is a cloud-based service that allows you to ingest, aggregate, and analyze data to enhance your understanding of your system's performance and behavior. The service collects data from various parts of your environment into a central system that is responsible for storage, aggregation, visualization, and initiating automated responses and alert when certain conditions are met.

The Monitoring Service can be managed only through the Monitoring Service API at the moment, Alerting and Reporting are available through a central Grafana instance, available to your contract per region.

Available locations: Berlin, Frankfurt, Paris, Logroño and London.

• Berlin: https://monitoring.de-txl.ionos.com/pipelines

• Frankfurt: https://monitoring.de-fra.ionos.com/pipelines

• London: https://monitoring.gb-lhr.ionos.com/pipelines

• Paris: https://monitoring.fr-par.ionos.com/pipelines

• Logroño: https://monitoring.es-vit.ionos.com/pipelines

Contract limitations

Each contract can create 10 Monitoring Pipelines. If you require higher limitation boundaries, you can contact the IONOS Cloud Support team to discuss your specific requirements and adjust the limits accordingly.

Network File Storage

Network File Storage is a managed service that provides shared file storage to multiple virtual machines of the virtual datacenter using the NFS protocol.

The product is based on the ZFS open-source file system. It can detect and correct errors while in use without the need for a dedicated file system checker, making it suitable for mission-critical applications that require high availability.

Network File Storage uses 2 virtual machines in Active-Passive mode to provide high availability. Access to the SSD volumes is achieved via the internal InfiniBand (RDMA) network.

Storage is based on the SSD Standard performance class recommended for fast data access with general-purpose scenarios. Data is stored on two storage servers, providing active-active redundancy. For additional data protection, every storage server is based either on a hardware RAID system or on a software RAID system.

Network File Storage provides access using the NFS v4.2 protocol. It allows standard Linux clients to read and write directly to storage, scaling performance linearly for both IOPS and throughput, maximizing the limits of storage and network infrastructures:

• Reduced protocol overhead with compound operations and caching.

• Efficient file operations with minimal server interaction.

• Enhanced performance with multiple parallel network connections.

• Detailed file-level access and performance telemetry.

IONOS Object Storage

IONOS Object Storage is a secure, scalable storage solution that offers high data availability and performance. The product adheres to the S3 API standards, enabling the storage of vast amounts of unstructured data and seamless integration into S3-compatible applications and infrastructures.

It supports the following features:

• Versioning

• Logging (available for user-owned buckets)

• Server-side encryption with IONOS-managed keys (SSE-S3)

• Server-side encryption with customer-provided keys (SSE-C)

• Access management via Bucket Policies and Access Control Lists (ACLs)

• Lifecycle management

• Static website hosting

• Cross-Region Replication (available for user-owned buckets)

• Object Lock with Governance and Compliance modes

• Bucket and object tagging

• Public Access Block

• Access from a private LAN to Object Storage endpoints using a Managed Network Load Balancer

IONOS Object Storage is included with every contract, with no need for additional registration or activation. Through a user-friendly graphical interface, as well as standard S3-compatible Object Storage clients, customers can efficiently manage their objects and configure access controls using Bucket Policies in accordance with the S3 Object Storage standard.

Currently, IONOS Object Storage is available in the following locations, with more locations to be added soon.

Backup Service

IONOS is implementing the backup solution in partnership with the backup pioneer and market leader, Acronis. A theoretically unlimited volume of data can be stored in data centers, guaranteed and fully certified to ISO 27001. Data cables with capacities of up to 10 GBit/s ensure seamless data throughput, even for full backups.

Features of the fully integrated backup function:

• Comprehensive image backup (full backup) and/or incremental backup

• Rapid disaster recovery and complete data restore

• Easy data migration

• Encrypted data storage in ISO-certified data centers in Germany

The Backup Service allows the customer to perform a quick and efficient backup of data from applications and any images the customer is using. The customer can also backup data from applications that run on-premises or in private Clouds in commonly used virtualized environments such as VMware and Hyper-V.

The fully integrated backup system supports the following platforms:

• Windows Server and Desktop operating systems

• Linux

• Mac

• Hyper-V and other Hypervisor solutions

• Workstations, physical and virtual servers

The following advanced protection packs can be enabled for each workload (a virtual machine, a server, or a workstation):

• Advanced Backup: Protects your workloads continuously and ensures that even last-minute changes of your work will not be lost.

  • One-click recovery

  • Continuous data protection

  • Backup support for Microsoft SQL

  • Server clusters and Microsoft Exchange clusters – Always On Availability Groups (AAG) and Database Availability Groups (DAG)

  • Backup support for MariaDB, MySQL, Oracle DB, and SAP HANA

  • Data protection map and compliance reporting

  • Off-host data processing

  • Remote operations with bootable media

• Advanced Security: Protects your workloads continuously from all malware threats.

  • Antivirus and antimalware protection with local signature-based detection (with real-time protection)

  • Exploit prevention

  • URL filtering

  • Endpoint firewall management

  • Forensic backup, scan backups for malware, safe recovery, corporate allowlist

  • Smart protection plans (integration with CPOC alerts)

  • Centralized backup scanning for malware

  • Remote wipe

  • Microsoft Defender Antivirus

  • Microsoft Security Essentials

• Advanced Management: Allows you to patch vulnerabilities on the protected workloads.

  • Patch management

  • Disk health

  • Software inventory

  • Fail-safe patching

  • Cyber Scripting

  • Remote assistance

  • File transfer and sharing

  • Selecting a session to connect

  • Observing workloads in multi-view

  • Connection modes: control, observe, and curtain

  • Connection via the Quick Assist application

  • Remote connection protocols: NEAR and Screen Sharing

  • Session recording for NEAR connections

  • Screenshot transmission

  • Session history report – 24 monitors

  • Threshold-based monitoring

  • Anomaly-based monitoring

IONOS Cloud ActivityLog

For security audits, IONOS Cloud offers a service called Activity Log. It traces and records activities of users when they log in, retrieve a resource, change, or delete resources. The trace records are limited to IaaS products. PaaS products will be expanded in near future iteratively.

Activity Log is available via RESTful API only. Users of role "Contract Owner" and "Administrators" are authorized by default to access the Activity Log API and are permitted to grant access to the Activity Log API for the accounts of type "User".

The data retention period for ActivityLog is 35 days. After the retention period expires the data older than retention period gets purged. For longer persistence of Activity Log data it is recommended to download the data and store it on a different storage like IONOS Object Storage.

IONOS Private Cloud powered by VMware

IONOS Private Cloud powered by VMware brings VMware enterprise-class Software-Defined Data Center software to the IONOS Cloud portfolio, enabling customers to run any application across vSphere-based private Cloud environments.

The Service Offering has the following components:

• Private Cloud consisting of:

  • VMware vSphere Enterprise Plus running on dedicated servers

  • VMware vCenter Server appliance

  • VMware NSX-T Standard to power networking for the Service Offering

  • VMware vSAN Standard aggregating host-based storage into a shared data store

• Self-service provisioning and scaling of Private Cloud on demand

• Access to the vSphere Client and NSX-T Manager, ability to configure and design the virtual data center that best fits ones use cases

• Maintenance, patching, and upgrades of the PC (the hardware, physical infrastructure, and VMware stack), performed by IONOS

IONOS Private Cloud powered by VMware can be provisioned and scaled vertically on demand. A Private Cloud cluster includes a minimum of three hosts. Customers can add hosts, up to the provisioning maximum for their organization (maximum 24 hosts per cluster). Customers can select the location of the data center where their Private Cloud will be provisioned. Currently, the service is available in Berlin (Germany), Worcester (UK), and Logroño (Spain). The location of Karlsruhe Baden AirPark will continue to operate already provisioned instances but does not allow the provisioning of new private cloud setups.

IONOS Private Cloud powered by VMware runs exclusively on high-performance, state-of-the-art hardware, and virtualization technology. vSAN, NSX-T, Intel Optane, and NVMe storage provide processing speeds that significantly optimize your workloads. The Backup Service can be used together with the Private Cloud. Additionally, we offer several other services that can be booked as an add-on.

Additional IP

For virtual network interface cards connected to the Internet, automatic assignment of a dynamic public IPv4 address through DHCP is standard. As an added advantage, IONOS offers customers one static public IPv4 address included with their Private Cloud cluster. Further, customers can opt for additional static public IPv4 addresses at a nominal fee, facilitating assignment to Internet-connected virtual network interface cards as primary or supplementary IP addresses.

IPsec VPN

Connectivity to the vSphere management network of the Private Cloud is established through OpenVPN by default, allowing one terminal device connection at a time. A more comfortable alternative is provided by the service IPSec VPN. This service is integrated in the customer’s Cloud Panel. This service leverages an automated provisioning of a Vyos backend gateway, enabling single or multiple IPSec connections to diverse endpoints. A singular service extends connectivity to multiple interconnected networks.

NFS datastore

Augmenting the local vSAN storage offered by the Private Cloud, the NFS datastore service allows customers to seamlessly incorporate network storage into their vSphere environment. This additional service permits scaling of storage from 2TB up to the standard provisioning maximum of 32TB (with an absolute maximum of 128TB). This flexibility empowers clients to scale their storage without the necessity of adding more hosts.

24/7 Enterprise Level Support

IONOS Cloud offers its customers technical support by telephone and email. Experienced system administrators take the customers’ calls and emails and address their concerns immediately. 24/7 Enterprise Level Support can be contacted by email or telephone 24 hours a day, seven days a week.

Contact details can be found in the Data Center Designer dashboard.

Data Centers

IONOS Cloud uses data centers at different locations worldwide. The security concepts of data centers are always based on the highest industry standards.

IONOS Cloud Compute Engine Locations

Berlin, Germany

Frankfurt am Main, Germany

Karlsruhe, Germany

London, United Kingdom

Worcester, United Kingdom

Paris, France

Logroño, Spain

Las Vegas, USA

Newark, USA

Lenexa, USA

IONOS Private Cloud powered by VMware Locations

Baden AirPark - Karlsruhe, Germany

Berlin, Germany

Logroño, Spain

Niederlauterbach, France

Worcester, United Kingdom

Document Version

Last updated: 2025-05-16