The Service Catalog is the central source of information about the services IONOS Cloud offers to its customers. This document offers details on the worldwide provision and operation of all services provided by IONOS Cloud (hereinafter referred to as IONOS). It is valid for IONOS SE and its national affiliates.
Under the term “Compute Engine”, IONOS Cloud offers its customers "Infrastructure as a Service" (IaaS) in the form of virtual computing, data storage, and network resources. The customer is able to make use of these resources on a flexible basis as required. The resources used (Cores/vCPUs, RAM, Storage) are billed to the customer by the minute based on a price list, which is valid at the time. Billing of external data transfers is based on data volume.
IONOS Cloud Compute Engine model
IONOS Cloud provides the customer with access to a personalized web application called the “Data Center Designer” (DCD). The DCD can be accessed via modern Internet browsers. Specifically, the DCD allows the customer to both control and manage the services or sub-services provided by IONOS Cloud, including:
- Creating, editing, and deleting virtual data centers
- Creating, (re-)starting, stopping, and deleting virtual servers, including optional storages
- Configuring/modifying existing virtual servers, including optional storages
- Creating, editing, and deleting snapshots
- Uploading, editing, using, and deleting private images
- Reserving and managing static public IP addresses
- Creating and managing private and public LANs including firewall setups
- Creating and managing SSH keys
- Management of integrated Cloud services (e.g. IONOS S3 Object Storage, IONOS Managed Kubernetes, IONOS Backup as a Service)
The authentication on the Data Center Designer requires that an account is assigned at least one username and one password. There are three distinct types of accounts:
- Contract Owner – This account is created automatically for the user who initially registered with IONOS Cloud. Only one "Contract Owner" account can exist per contract made with IONOS Cloud. A “Contract Owner” is authorized to fully access all resources, create and delete “User” accounts and assign an “Administrator” role to them.
- Administrator – This role has the same privileges as the "Contract Owner", except this account type is restricted from changing the payment method of the contract. “Administrators” can assign “Administrator” roles to “User” accounts. It is possible to revoke the "Administrator" role after it has been assigned.
- User – This is the most basic account type. “Contract Owner” and "Administrator" account types can create or delete an unlimited number of accounts of the "User" type. This account type can be upgraded to the "Administrator" role and assigned specific privileges.
Multi-User Management controls access to the following resource types:
- Virtual Data Centers
- IP Blocks
- Backup Units
- Kubernetes Clusters
The assigning of rights is based on Groups. A Group contains one or several “User” accounts. A “User” account can be a member of several Groups. "Contract Owner" or “Administrator” accounts do not need to be managed in groups as they have access to all contracted resources.
Multi-User Management distinguishes between the following authorizations for resources:
- Read – The resource and the objects it contains are visible. The attributes of objects can be displayed. The resource and the objects it contains cannot be changed, nor can additional objects be added. The read authorization is implicit as soon as a group is assigned to a resource.
- Edit – The resource and the objects it contains are visible. The attributes of objects can be displayed and changed. The resource and the objects it contains can be deleted.
- Sharing – Authorizations for access to the resource can be changed.
The following group rights can be configured per group:
- Create Data Center: create new virtual data centers
- Create Snapshots: create snapshots of storages for which the group members hold at least “read” authorization
- Reserve IP Blocks: reserve additional IPv4 blocks and/or give back IPv4 blocks, which are available to the group members via the “edit” authorization
- Create Internet Access: Allows provisioning of public LANs inside a virtual data center
- Use Object Storage: access IONOS S3 Object Storage
- Create Backup Units: create a new Backup Unit account for backup agent registration and activation
- Create Kubernetes Clusters: create new Kubernetes clusters
- Access Activity Log: view Activity Logs for the entire contract
For every account that is configured for access to the IONOS Cloud DCD (“Contract Owner”, "Administrator" or “User”), the use of 2-Factor Authentication can optionally be configured with a one-time password pursuant to RFC 6238 TOTP. 2-Factor Authentication provides increased security during the login process. When logging in, users are required to provide, in addition to their user name and password, a code generated by a special application (an “authenticator”).
Each account type can activate or deactivate this option in the DCD > Account management > Security for the respective account.
“Contract Owner” type accounts can set Two-Factor Authentication as a mandatory requirement for "Administrator" and “User” type accounts.
Customers can inject the public part of an SSH key prior to provisioning using the IONOS Cloud DCD or Cloud API (version 2.0 or higher) in order to create an SSH login for storage volumes based on a public IONOS Cloud Linux image. This feature is not available for snapshots, private images, Windows OS images, and MS SQL images provided by IONOS Cloud.
In DCD, it is possible to store up to 100 public SSH keys for later re-use. It is possible to mark individual SSH keys as "default" which are applied to every provisioning automatically if previously mentioned requirements are fulfilled. Independent from the SSH key store, customers can also add SSH keys ad-hoc which they did not have previously stored. It is not possible to share access to an SSH key store across multiple users. Each user has access to their own SSH key store independent of their account role.
In Cloud API, it is only possible to add SSH keys ad-hoc. The SSH key store can't be accessed in this manner.
An HTML5 Remote Console is available for every provisioned server via the DCD or the Cloud API. The Remote Console allows the customer complete access to the server's monitor, mouse, and keyboard. The customer has access to his server with the Remote Console even in the absence of SSH or RDP connectivity.
Every IONOS Cloud API requires authentication. Most IONOS Cloud APIs support authentication via basic authentication (username + password) or JSON Web Token (JWT) authentication. The "Telemetry API" only supports JWT authentication.
The IONOS S3 Object Storage API uses its dedicated authentication with IONOS S3 Object Storage credentials (key + secret) that can be retrieved via DCD or Cloud API.
The Auth API facilitates the creation, management, and deletion of JSON Web Tokens.
IONOS Cloud provides the customer with an Application Programming Interface (API). This API gives the customer automated control over the functions from the DCD. Upon request, IONOS Cloud will provide an API reference along with example software (Cloud-CLI) on how the Cloud API can be used (links below).
IONOS Cloud provides access to the Cloud functionality for developers based on REST (Representational State Transfer). All account types are able to use the Cloud API.
The Reseller API allows the customer to manage contracts and their associated admin users. The API allows resellers to create/update/delete subcontracts and update contract resource limits. New contract administrators can also be created, updated, and deleted using the Reseller API.
The Activity Log API allows the customer the retrieval of a list of activities conducted either in the DCD or in the Cloud API within a specific IONOS Cloud contract. Accounts of the type "Contract Owner" and "Administrator” are authorized by default to access the Activity Log API and are permitted to grant access to the Activity Log API for the "User" type accounts.
The Billing API enables “Contract Owner” type accounts to check current usage and the latest invoices of their IONOS Cloud account.
The Monitoring API allows the management of alarms and alerts of the Monitoring Service as well as retrieving a list of events that got triggered by monitoring. It does not return monitoring metrics that are provided by the Metrics API (see next entry).
Please note that the Monitoring API runs in the path of CloudAPI but without an explicit version tag.
The Telemetry API allows retrieval of metric data collected by the monitoring service. This API requires authentication via JWT (see AuthAPI above) and does not support basic authentication.
IONOS S3 Object Storage API requires authentication with IONOS S3 Object Storage specific key + secret credentials which can be retrieved as well as managed via DCD or CloudAPI. It has specific endpoints per location. Further details are provided in the chapter "IONOS S3 Object Storage".
On the IONOS Cloud platform, the customer can create so-called “Virtual Data Centers” (VDC). A VDC is a repository for all infrastructure resources ordered by the customer. Access to the resources in a VDC – similar to operating a physical data center – is only possible via a corresponding network or internet connection. Within a VDC, the IONOS Cloud software allows for the distribution of various resources to different availability zones.
IONOS Cloud provides the customer with the flexibility to change the ownership of the VDC. Any IONOS Cloud customer who is a billing contract owner has the capability of transferring the ownership of a VDC created under the scope of his account with all related rights and responsibilities to any other customer having a billing contract with IONOS Cloud. In order to change the ownership of his VDC the customer is requested to contact the 24/7 Enterprise Level Support.
These virtual machines run on dedicated CPU Cores. With Dedicated Core Servers you gain full access to the provisioned CPU resources, free from resource sharing with other virtual machines on the same physical host. This guarantees optimal performance, stability, reduced latency and predictable performance. You can freely configure the number of cores and RAM required for your workloads, while choosing from the CPU types available in your current VDC. Dedicated Core Servers can boot from a storage volume, a CD-ROM, or a NIC.
Furthermore, it is also possible for a Dedicated Core Server to be configured with the help of advanced settings for the use of “Live Vertical Scaling” (LVS). LVS allows further resources to be added to your virtual machine while the operating system is in use. The scaling of resources without having to restart your virtual machine can be applied as follows:
- Upscaling: CPU, RAM, NICs, storage volumes
- Downscaling: NICs, storage volumes
For public images provided by IONOS Cloud, LVS is activated by default. LVS capabilities on private images and snapshots can be changed before applying them to new instances. The Image Manager provides edit functionality for these properties. Linux supports all standard LVS functions; Windows server instances, however, only support upscaling of CPU, NICs and storage volumes, and downscaling of NICs at this time. LVS for RAM is possible starting from 1 GB RAM and in full increments of GB.
Possible configurations of a virtual server are presented in the table below:
* Increment/decrement of 1 GB when LVS is activated, RAM expansion beyond the defined maximum size possible on request.
IONOS Cloud lets the customer assign appropriate processing power in the form of cores. IONOS Cloud will allocate these exclusively to the virtual server specified by the customer.
The different data center locations may be equipped with different CPU models. If the CPU model is listed below, but not displayed on the contract, please contact the IONOS Cloud support team for further assistance.
The AMD cores IONOS Cloud provides are AMD Opteron and EPYC processors, optimized for high performance within Cloud infrastructure.
The current processor design allows for a high number of cores within one host system. Therefore, virtual machines may have up to 62 AMD cores.
The Intel cores IONOS Cloud provides are Intel Xeon processors that enable simultaneous computing of two threads or sets of instructions.
For each physically present processor core, the operating system addresses two virtual cores and shares the workload between them. This so-called hyper-threading approximates a system with two physical cores.
While hyper-threading can improve data processing performance, in order to exploit the benefits, it relies on the software to support the use of multiple processors. Current versions of Windows and Linux support this feature and can benefit from it.
A large number of host systems are kept ready at each location for operating virtual servers for the customers. Each host server is redundantly connected to the InfiniBand network. The host systems are assembled by the manufacturers based on our specifications and then delivered to the site.
vCPU servers provide a good balance of compute resources, which are ideal for a wide range of applications. Unlike Dedicated Core Servers, which come with guaranteed dedicated resources, vCPU servers do not. This means that CPU resources are optimized by the hypervisor. The vCPU servers are well-suited for typical workloads that prioritize cost-efficiency and can accommodate variations in performance. Within the DCD or Cloud API, you can freely configure the ratio of vCPUs to RAM for your virtual machines. However, unlike the Dedicated Core Servers product, you do not have the option to choose the CPU type for your vCPU server.
vCPU Servers are currently available in:
- Berlin, Frankfurt (Germany)
- Logroño (Spain)
- London (United Kingdom)
- Paris (France)
- Las Vegas (US)
- Lenexa (US)
vCPU Servers can boot from a storage volume, a CD-ROM, or a NIC.
Additionally, vCPU Servers can utilize "Live Vertical Scaling" (LVS) for advanced configuration. LVS enables adding resources like vCPUs, RAM, NICs, and storage to a running virtual server without requiring a restart. This scaling process can be done to increase or decrease resources.
- While provisioning the vCPU Server product, users cannot select the CPU Model through the DCD or Cloud API.
- Customers cannot auto-migrate from the vCPU Server type to Dedicated Core Virtual Servers. A virtual machine recreation process is required.
Cubes are a separate type of virtual machine. While Virtual Servers use Cores exclusively, IONOS Cloud Cubes share them with other Cubes instances and expose virtual CPUs (vCPU). Still, these virtual machines are fully isolated and separated so that no data is accessible by any other virtual machine running on the same physical core.
In addition, Cubes are delivered with one NVMe storage, that is directly attached to the physical server unit. This block storage device utilizes one of the PCI slots available by default.
IONOS Cloud Cubes is designed for cost optimization and workloads for which failover gets realized by the application and not the infrastructure. IONOS Cloud Cubes is currently rolled out to all European locations but may not be available to specific virtual data centers even if the feature is announced for availability in a particular location. Due to technical dependencies, IONOS Cloud Cubes may not be available for all legacy virtual datacenters in the location Frankfurt. The product should be available for newly created virtual datacenters. Currently, IONOS Cloud Cubes are released in:
- Berlin (Germany)
- Frankfurt (Germany)
- London (UK)
- Paris (France)
- Logroño (Spain)
- Newark (US)
- Lenexa (US)
A Cubes instance consists of the following components:
- Virtual CPUs
- Memory (RAM)
- Network interface cards NIC (optional)
- Direct Attached NVME Storage volume (mandatory)
- Block Storage volumes (optional)
- CD-ROMs (optional)
In comparison to Virtual Servers, IONOS Cloud Cubes get ordered by pre-defined instance size templates and cannot be configured in a fully flexible model.
Cubes can boot from any storage volume, a CD-ROM, or a NIC.
This type of instance does not support "Live Vertical Scaling" (LVS) of CPU or RAM even if it is enabled on an image. It is not possible to migrate in higher or lower tiers of Cubes.
LVS is limited to NICs and block storage volumes. Please note that the number of directly attached NVMe storage volumes is limited to 1 (one) and that this volume cannot be expanded, deleted, removed from the Cubes instance or migrated to any other instance. Further attached block storage volumes must be of type HDD or SSD. The scaling of resources without having to restart a virtual server can be applied as follows:
- Upscaling: NICs, HDD/SSD storage volumes
- Downscaling: NICs, HDD/SSD storage volumes
IONOS Cloud Cubes can be used inside a virtual data center in combination with any other service provided in this location.
Every 24 hours, IONOS Cloud creates a backup of the directly attached NVMe volume automatically and stores it on a separate block storage device. In case of a host failure or outage, IONOS Cloud will recover the Cubes instance from the backup. Since this backup is taken every 24 hours the user may want to apply additional backup or redundancy routines.
The automatic backup routine is included in IONOS Cloud Cubes and does not create additional costs.
IONOS Cloud operates different types of host systems based on AMD as well as Intel CPU architecture. All systems are configured to deliver the same performance. A specific CPU type can neither be selected by the customer nor guaranteed by IONOS Cloud.
IONOS Cloud Hard Disk Drive (HDD) and Solid State Drive (SSD) Block Storage allow the customer to make use of a dual-redundant storage system. Each block storage created by the customer is stored on two storage servers, providing active-active redundancy. For additional data protection, every storage server is based either on a hardware RAID system or on a software RAID system.
Direct Attached Storage (DAS) Block Storage based on Non-Volatile Memory Express (NVMe) are single-redundant storage systems. As this storage is installed directly into the physical server hosting the virtual machine, the storage volume is not stored across two servers. However, every DAS volume is covered by a software RAID system.
Access to the HDD and SSD volumes requested by the customer is achieved via the internal InfiniBand (RDMA) network. DAS volumes are connected to the mainboard of the server and benefit from fast peripheral component interconnect express (PCI express) bus performance.
For Solid State Drive volumes, IONOS Cloud offers two performance classes that can be selected at the time of ordering the volume. SSD Premium is optimized for high performance while SSD Standard is recommended for fast data access with general-purpose scenarios.
HDD as well as DAS volumes deliver a static performance profile independent of the volume size. In comparison, SSD volumes deliver higher performance depending on the volume size and get capped at a specific size.
*Larger volumes available on request.
IONOS Cloud allows the customer to create so-called snapshots of individual block storages (HDD, SSD, DAS). A copy of each block storage can be accessed (and deleted) via DCD and Cloud API, and new block storage of any type can be created based on a snapshot. The provisioning speed is 50 MB/s.
IONOS Cloud offers standardized images of the following operating systems:
New versions of the standardized images may be added and old versions will be removed when the vendor no longer supports them.
Note: We reserve the right to add non-LTS and testing/beta versions. Please follow the vendor's recommendations and refrain from using them for production use cases.
IONOS Cloud allows the customer to upload their own images to the infrastructure via upload servers. This procedure is to be completed individually for each data center location. IONOS Cloud optionally offers transmission with secure transport (TLS). The uploading of HDD and CD-ROM/DVD-ROM images is supported. Specifically, the uploading of images in the following formats is supported:
CD-ROM / DVD-ROM:
- *.iso ISO 9660 image file
HDD:
- *.vmdk VMware HDD images
- *.vhd, *.vhdx Hyper-V HDD images
- *.cow, *.qcow, *.qcow2 QEMU HDD images
- *.raw binary HDD image
- *.vpc VirtualPC HDD image
- *.vdi VirtualBox HDD image
A dedicated upload server is available for each data center location. Images can be transmitted to the upload server encrypted via FTPS (FTP-TLS) or unencrypted via FTP.
The following upload servers are available:
- Berlin: ftp-txl.ionos.com
- Frankfurt: ftp-fra.ionos.com
- Karlsruhe: ftp-fkb.ionos.com
- London: ftp-lhr.ionos.com
- Paris: ftp-par.ionos.com
- Logroño: ftp-vit.ionos.com
- Las Vegas: ftp-las.ionos.com
- Newark: ftp-ewr.ionos.com
- Lenexa: ftp-mci.ionos.com
Once the image has been transmitted to the upload server, the image will be converted into the internal image format of IONOS Cloud. The user will be informed by email when the conversion process starts.
Once the conversion is complete, the image will be available for use in the DCD or Cloud API under the name by which it was transmitted to the upload server.
IONOS Cloud offers customers the ability to transfer large amounts of data via a physically mailed data storage medium. This service supports a variety of data carrier interfaces like USB or SATA. To ensure data security, the data on the delivered data storage medium must be encrypted and have a total size of at least 1 TB.
All uploads are performed as a 1:1 copy to a volume and provided in the data center chosen by the customer. The customer is able to attach this volume to a virtual server of their choice in the chosen virtual data center.
After the upload is complete, the data storage medium will be returned to the customer. The data upload service can be requested by the 24/7 Enterprise Level Support.
In order to secure data, improve reliability and create high availability scenarios, customers can assign availability zones to HDD and SSD storage volumes (Storage Availability Zone for SSD in data center location Karlsruhe is not provided). DAS storage volumes do not support availability zones as they are installed on the physical compute servers directly. Virtual storage volumes to which different storage availability zones are assigned operate on different physical resources. Availability zones can be assigned using the DCD or the Cloud API.
IONOS Cloud offers Cloud-Init support for all of its Linux images. For Windows images, no Cloud-Init functionality is provided. The feature is activated in all locations. All public IONOS Cloud Linux images support Cloud-Init. For private images, it is the customer's responsibility to make sure that their own images support Cloud-Init.
At the moment, IONOS Cloud supports the injection of user-data. Meta-data injection may be provided at a later point in time.
IONOS Cloud allows virtual entities to be equipped with network cards (“network interface cards”; NICs). Only by using these virtual network interface cards is it possible to connect multiple virtual entities together and/or to the Internet.
The maximum external throughput may only be achieved with a corresponding upstream of the provider.
- The use of virtual MAC addresses and/or the changing of the MAC address of a network adapter is not supported. Among others, this limitation also applies to the use of CARP (Common Address Redundancy Protocol).
- Gratuitous ARP (RFC 826) is supported.
- Virtual Router Redundancy Protocol (VRRP) is supported based on gratuitous ARP. For VRRP to work, IP failover groups must be configured.
Depending on the location, different capacities for transmitting data to or from the Internet are available for operating the IONOS Cloud service. Due to the direct connection between the data centers at the German locations, the upstream can be used across locations.
The total capacity of each respective location is described below:
* Per site.
IONOS backbone AS-8560, to which IONOS Cloud is redundantly connected, has a high quality edge capacity of 3000 Gbps with 3500 IPv4/IPv6 peering sessions, available in the following Internet and peering exchange points: AMS-IX, BW-IX, DE-CIX, NL-IX, ESPANIX, Equinix, FranceIX, KCIX, LINX.
IONOS Cloud operates redundant networks at each location, offering connections up to 100 Gbps.
IONOS Cloud uses high-speed networks based on InfiniBand technology both for connecting the central storage systems and for handling internal data connections between customer servers.
IONOS Cloud operates a high availability core network at each location for the redundant connection of the product platform. All services provided by IONOS Cloud are connected to the Internet via this core network.
The core network consists exclusively of devices from brand manufacturers. The network connections are completed via an optical transmission network, which, by use of advanced technologies, can provide transmission capacities of several hundred gigabits per second. Connection to important Internet locations in Europe and America guarantees the customer an optimal connection at all times.
Data is not forwarded to third countries. At the customer’s explicit request, the customer can opt for support in a data center in a third country. In the interests of guaranteeing a suitable data protection level, this requires a separate agreement (within the meaning of article 44-50 DSGVO and §§ 78 ff. BDSG 2018).
IONOS Cloud provides the customer with both IPv4 and IPv6 public IP addresses that, depending on the intended use, can be booked either permanently or for the duration for which a virtual server exists. Currently, only IPv4 addresses can be booked by the customer. These IP addresses provided by IONOS Cloud are only needed if connections are to be established over the Internet. Internally, virtual machines can be freely networked. For this, IONOS Cloud offers a DHCP server that allows and/or simplifies the assignment of IP addresses. However, one can establish one’s own addressing scheme.
Every virtual network interface card that is connected to the Internet is automatically assigned a public IPv4 address by DHCP. This IPv4 address is dynamic, meaning it can change while the virtual server is operational or in the case of a restart.
Customers can reserve static public IPv4 addresses for a fee. These reserved IPv4 addresses can be assigned to a virtual network interface card, which is connected to the Internet, as primary or additional IP addresses.
In networks that are not connected to the Internet, each virtual network interface card is automatically assigned a private IPv4 address. This is assigned by the DHCP service. These IPv4 addresses are assigned statically to the MAC addresses of the virtual network interface cards.
The use of the IP address assignment can be enabled or disabled for each network interface card. Any private IPv4 addresses pursuant to RFC 1918 can be used in private networks.
Every virtual data center is assigned a public /56 IPv6 CIDR block by default. Customers can choose to enable IPv6 in a LAN as per their needs and a maximum of 256 IPv6 enabled LANs can be created per VDC. On enabling IPv6 in a LAN, the customer can either select a /64 IPv6 CIDR block from the /56 IPv6 CIDR block assigned to the VDC or have a /64 block automatically assigned to the LAN. Public IPv6 addresses are assigned to both private and public LANs.
Every connected virtual network interface card is then assigned a /80 IPv6 CIDR block and a single /128 IPv6 address, either automatically or as selected by the customer. Both must be assigned from the /64 IPv6 CIDR block assigned to the corresponding LAN. The first public IPv6 address is assigned by DHCP and in total a maximum of 50 IPv6 addresses can be assigned per network interface. IPv6 addresses are static, meaning they remain assigned in the case of a virtual server restart.
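The addressing hierarchy described above (a /56 per VDC, a /64 per LAN, a /80 block and at most 50 addresses per network interface) can be checked against a planned layout before provisioning. The following Python validator is an added example, not IONOS code; the plan structure, the LAN and NIC names, and the `2001:db8::/32` documentation prefix are assumptions constructed for illustration.

```python
import ipaddress

# Limits taken from the text above.
VDC_PREFIX = 56          # one /56 per virtual data center
LAN_PREFIX = 64          # one /64 per IPv6-enabled LAN
NIC_BLOCK_PREFIX = 80    # one /80 block per network interface
MAX_LANS = 256           # IPv6-enabled LANs per VDC (2 ** (64 - 56))
MAX_ADDRS_PER_NIC = 50   # IPv6 addresses per network interface


def parse_block(value, expected_prefix, label, findings):
    """Parse a CIDR block; record a finding and return None if unusable."""
    try:
        net = ipaddress.IPv6Network(value, strict=True)
    except ValueError as exc:
        findings.append(f"{label}: invalid IPv6 CIDR block {value!r} ({exc})")
        return None
    if net.prefixlen != expected_prefix:
        findings.append(
            f"{label}: {net} is a /{net.prefixlen}, expected /{expected_prefix}")
        return None
    return net


def validate_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vdc = parse_block(plan["vdc_cidr"], VDC_PREFIX, "vdc", findings)
    if vdc is None:
        return findings

    lans = plan.get("lans", {})
    if len(lans) > MAX_LANS:
        findings.append(f"vdc: {len(lans)} IPv6 LANs exceed the limit of {MAX_LANS}")

    seen = {}
    for lan_name, lan in lans.items():
        lan_net = parse_block(lan["cidr"], LAN_PREFIX, f"lan {lan_name}", findings)
        if lan_net is None:
            continue
        if not lan_net.subnet_of(vdc):
            findings.append(f"lan {lan_name}: {lan_net} is outside VDC block {vdc}")
        # Assumption (not stated on the page): two LANs must not share a /64.
        if lan_net in seen:
            findings.append(
                f"lan {lan_name}: {lan_net} is already used by lan {seen[lan_net]}")
        else:
            seen[lan_net] = lan_name

        for nic_name, nic in lan.get("nics", {}).items():
            label = f"nic {lan_name}/{nic_name}"
            block = parse_block(nic["block"], NIC_BLOCK_PREFIX, label, findings)
            if block is not None and not block.subnet_of(lan_net):
                findings.append(f"{label}: block {block} is outside LAN block {lan_net}")
            addresses = nic.get("addresses", [])
            if len(addresses) > MAX_ADDRS_PER_NIC:
                findings.append(
                    f"{label}: {len(addresses)} addresses exceed the limit "
                    f"of {MAX_ADDRS_PER_NIC}")
            for raw in addresses:
                try:
                    addr = ipaddress.IPv6Address(raw)
                except ValueError:
                    findings.append(f"{label}: invalid IPv6 address {raw!r}")
                    continue
                if addr not in lan_net:
                    findings.append(
                        f"{label}: address {addr} is outside LAN block {lan_net}")
    return findings


# Constructed sample plan with three deliberate mistakes.
SAMPLE_PLAN = {
    "vdc_cidr": "2001:db8:0:100::/56",
    "lans": {
        "lan1": {"cidr": "2001:db8:0:101::/64", "nics": {
            "web01": {"block": "2001:db8:0:101:1::/80",
                      "addresses": ["2001:db8:0:101:1::10"]},
            # /80 taken from a different /64 than the LAN it sits in
            "web02": {"block": "2001:db8:0:102:2::/80",
                      "addresses": ["2001:db8:0:101:2::10"]},
        }},
        # /64 that does not belong to the VDC's /56
        "lan2": {"cidr": "2001:db8:0:200::/64", "nics": {}},
        # wrong block size for a LAN
        "lan3": {"cidr": "2001:db8:0:103::/72", "nics": {}},
    },
}

if __name__ == "__main__":
    for finding in validate_plan(SAMPLE_PLAN):
        print(finding)
```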
Cloud Connect enables the customer to create a direct and dedicated Layer-3 connection between their company network and their virtual data center (VDC). The customer can use Cloud Connect if both of the following conditions are fulfilled:
- 1. The connecting VDC is operated at the locations of Frankfurt, Berlin, or Las Vegas.
- 2. The customer has a dedicated line connection to the corresponding data center.
A connection can take place in different ways, for example, Dark-Fiber, MPLS, or Cross Connect. For this purpose, the customer can contract a telecommunications company to establish the connection.
The 24/7 Enterprise Level Support is available to assist with any questions concerning the topic of Cloud exchange and connection.
The IONOS Cloud IP-Failover feature helps to minimize packet loss for high availability or failover setups in the event that one of the virtual machines experiences an outage. By setting up IP-Failover groups for public traffic, customers can define the network interfaces of virtual servers that are part of a high availability setup.
“User” type accounts can create or edit IP-Failover groups using only reserved IP addresses, for which they have been granted access. The IP-Failover feature only provides provisioning of the same IP to multiple network interfaces from different virtual servers on the same LAN. It does not monitor the availability of the service to be accessed by the given IP. The monitoring and GARP announcements to gateways must be made by the customer individually on each virtual server that is a member of an IP-Failover setup.
IP-Failover groups cannot be created for IPv6 addresses; IP-Failover is an IPv4-only feature.
IONOS Cloud offers the customer the function of a Classic Load Balancer for public traffic within their infrastructure. This load balancer distributes the incoming network traffic according to an ECMP algorithm on the servers configured behind the load balancer. The Classic Load Balancer is for basic balancing scenarios and does not provide granular configuration or health checks.
IONOS Cloud allows the customer to use a software firewall within their infrastructure. For this purpose, the virtual network interface cards of a virtual server can be assigned a packet filter. The network traffic aimed at the virtual server is filtered before it reaches the customer’s virtual machine.
For every network interface of a virtual server, IONOS Cloud provides an IP configuration via DHCP. In this context, the type of configuration distinguishes between whether the network interface is connected with the public Internet or a private Ethernet.
For network interfaces connected to the public Internet, the following parameters are provided for the configuration via DHCP:
- Public IPv4 address
- Network mask (255.255.255.255)
- Gateway address
- DNS server address
- MTU (1,500)
Similarly, DHCPv6 is supported for public IPv6 addresses.
For network interfaces connected to a private network, the following parameters are provided for the configuration via DHCP:
- Private IP address (10.x.x.x)
- Network mask (255.255.255.0)
- MTU (1,500)
The DHCP server always uses the address A.B.C.1 in the class C network, which corresponds to the assigned IP address.
The configuration through DHCP can optionally be activated or deactivated for each network interface (via DCD or Cloud API). The configuration via DHCP is activated for newly created network interfaces.
For the resolution of public domain names, IONOS Cloud operates a redundant set consisting of two DNS servers at every data center location.
These DNS servers are operated as “caching” DNS servers and/or DNS resolvers, and are automatically assigned to the virtual customer entities via the DHCP IP address resolution.
Customer-specific internal domains cannot be resolved on caching DNS servers.
A standard reverse entry is assigned to all public IPv4 addresses, which are assigned to the virtual entities.
These entries follow the format pAAA-BBB-CCC-DDD.pbiaas.com, whereby AAA-BBB-CCC-DDD corresponds to the IPv4 octets.
For statically assigned IP addresses, the existing reverse entry can be adapted according to the customer requirements via a Service Request to the 24/7 Enterprise Level Support.
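The following is an added example, not IONOS code: it recognizes the default reverse-entry format described above so that an inventory or log review can separate addresses that still carry the default entry from those with an adapted one. The sample pairs are constructed from documentation address ranges, and accepting both zero-padded and unpadded octets is an assumption, since the page does not say which form is used.

```python
import ipaddress
import re

# Default reverse-entry format stated on the page: pAAA-BBB-CCC-DDD.pbiaas.com
# Assumption: octets may be zero-padded or not, so 1-3 digits are accepted.
_DEFAULT_PTR = re.compile(
    r"p([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})\.pbiaas\.com"
)


def parse_default_ptr(name):
    """Return the IPv4Address encoded in a default reverse entry, else None."""
    m = _DEFAULT_PTR.fullmatch(name.strip().rstrip(".").lower())
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # looks like the pattern but is not a valid IPv4 address
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def classify(ip, ptr):
    """Classify one (address, PTR name) pair.

    "default"  - PTR is the default entry for exactly this address
    "mismatch" - PTR has the default format but encodes another address
    "other"    - PTR was adapted, or does not follow the default format
    """
    encoded = parse_default_ptr(ptr)
    if encoded is None:
        return "other"
    return "default" if encoded == ipaddress.IPv4Address(ip) else "mismatch"


def audit(pairs):
    """Group addresses by classification for a list of (ip, ptr) pairs."""
    report = {"default": [], "mismatch": [], "other": []}
    for ip, ptr in pairs:
        report[classify(ip, ptr)].append(ip)
    return report


# Constructed sample data (RFC 5737 documentation addresses, not real hosts).
SAMPLE = [
    ("203.0.113.7", "p203-0-113-7.pbiaas.com"),
    ("203.0.113.8", "P203-000-113-008.pbiaas.com."),
    ("203.0.113.9", "mail.example.com"),
    ("203.0.113.10", "p203-0-113-99.pbiaas.com"),
    ("203.0.113.11", "p999-0-113-11.pbiaas.com"),
]
```

Addresses reported under "default" are candidates for a reverse-entry change request if they host services that depend on a matching PTR; "mismatch" usually points to a stale inventory record.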
IONOS DDoS Protect is a managed Distributed Denial of Service defense mechanism, which ensures that every customer resource hosted on IONOS Cloud is secure and resilient against Layer 3 and Layer 4 DDoS attacks. This is facilitated by a filtering and scrubbing technology which, when an attack is detected, filters the malicious DDoS traffic and lets only the genuine traffic through to its original destination. This enables our customers' applications and services to remain available under a DDoS attack.
Known attack vectors regularly evolve and new attack methods are added. IONOS Cloud monitors this evolution and dedicates resources to adapt and enhance DDoS Protect as much as possible to capture and mitigate the threat.
The service is available in all of our data centers.
The service is available in two packages:
DDoS Protect Basic: This package is enabled by default for all customers and does not require any configuration. It provides basic DDoS Protection for every resource on IONOS Cloud from common volumetric and protocol attacks and has the following features:
- DDoS traffic filtering - All suspicious traffic is redirected to the filtering platform where the DDoS traffic is filtered and the genuine traffic is allowed to the original destination.
- Always-On attack detection - The service is always on by default for all customers and does not require any added configuration or subscription.
- Automatic Containment - Each time an attack is identified, the system automatically triggers the containment of the DDoS attack by activating DDoS traffic filtering and letting through only genuine traffic.
- Protection against common Layer 3 and 4 attacks - This service protects every resource on IONOS Cloud from common volumetric and protocol attacks in the Network and Transport Layer such as UDP, SYN floods, etc.
DDoS Protect Advanced: This package offers everything that is part of the DDoS Protect Basic package plus advanced security measures and support.
- 24/7 DDoS Expert Support - Customers have 24/7 access to IONOS Cloud DDoS expert support. The team is available to assist customers with their concerns regarding ongoing DDoS attacks or any related issues.
- Proactive Support - The IONOS Cloud DDoS support team, equipped with alarms, will proactively respond to a DDoS attack directed towards a customer's resources and also notify the customer in such an event.
- On-demand IP specific DDoS filtering - If a customer suspects or anticipates a DDoS attack at any point in time, they can request to enable DDoS filtering for a specific IP or server owned by them. Once enabled, all traffic directed to that IP will be redirected to the IONOS Cloud filtering platform where DDoS traffic will be filtered and genuine traffic will be passed to the original destination.
- On-demand Attack Diagnosis - At the customer's request, a detailed report of a DDoS attack is sent to the customer, explaining the attack and other relevant details.
NOTE: IONOS Cloud sets forth Security as a Shared Responsibility between IONOS Cloud and the customer. We at IONOS Cloud strive to offer a state-of-the-art DDoS defense mechanism. Successful DDoS defense can only be achieved by a collective effort on all aspects, including optimal use of firewalls and other settings in the customer environment.
Flow log is a feature that allows you to capture data related to IPv4 and IPv6 network traffic flows. Flow logs can be enabled for any network interface of a virtual machine (VM) instance, the Managed Network Load Balancer, the Managed Application Load Balancer, as well as the public interfaces of the Managed Network Address Translation (NAT) Gateway.
Flow logs can help you with a number of tasks such as:
- Debugging connectivity and security issues
- Monitoring network throughput and performance
- Logging data to ensure that firewall rules are working as expected
The service can be configured for the direction of network traffic (ingress, egress, bi-directional) as well as action (accepted, rejected traffic packets, or any). Data is collected by the services and submitted in a compressed file to a customer's IONOS S3 Object Storage bucket, which can be specified by the customer at the time of flow log activation.
The service will not update existing files but will send new flow log records in a new compressed file at an interval of 10 minutes.
IONOS Cloud Managed Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Container technology makes software development more flexible and agile; however, it is quite complex to manage and requires a certain level of expertise.
IONOS Cloud Managed Kubernetes facilitates the fully automated setup of Kubernetes clusters. Several clusters can also be quickly and easily deployed, for example, to set up staging environments, and then deleted again if necessary. Kubernetes also significantly simplifies the automation of CI/CD pipelines in terms of testing and deployment.
The IONOS Cloud Managed Kubernetes solution offers maximum transparency and control of the K8s cluster. This includes:
- Fully automated setup of entire K8s clusters and K8s node pools (with optional horizontal auto-scaling of nodes)
- Highly-available and geo-redundant control plane
- Full cluster admin-level access to Kubernetes API
- Dedicated CPU and memory resource assignment
- Double redundant and persistent HDD/SSD storage
- Easy integration of Cloud services
- Regular security and version updates