Cloud Servers: Getting Started

With your own powerful Cloud Server, you gain access to a variety of useful features, making it well-suited for both simple and highly complex projects.

In this article you will learn how to set up a Cloud Server and what steps you need to take after the setup. Furthermore, it also explains the most important features in the Cloud Panel.

Setting Up a Cloud Server

In the following article you will learn how to set up a Cloud Server according to your requirements:

Creating a Server (Cloud Server)

You can find out how to add more storage resources after the setup here:

Edit server

Managing Your Servers

In the Infrastructure > Servers section, you can manage your servers, including starting, restarting, and shutting down the servers. Plus, you can reinstall the server if necessary.

At the top right of the overview, the date and time of the last login to the Cloud Panel as well as the IP address from which the login took place are listed. If a login fails, in addition to the above information, you will also see the number of failed login attempts since the last successful login and the country where the login was attempted.

Please Note

To increase the level of security, the Cloud Panel will be locked for a few minutes after three failed login attempts. The length of time this lock is active is shown to you on the login page.

To perform any of the above actions, select the desired server and click Actions. Then, you can perform the desired action.

To access the detailed information of the server, select the desired server. After that, all of the important information about the server will be displayed.

For more information on managing the server in the Infrastructure > Servers section, please see the article Servers.

Default Server Configuration

By default, your Cloud Server is provisioned with the following settings:

Public IP:

With a public IP, your server is accessible from the outside. This is required so that your customers can access your website. The server is assigned a public IPv4 address by default. If you need additional IPv4 addresses, you can create and assign them to the server.

Cloud Servers also support public IPv6 addresses. By default, no public IPv6 addresses are assigned when you create a server. If required, you can create and assign an IPv6 address to your server in Cloud Panel.

Please Note

If you assign more than two IPv4 or IPv6 addresses, you must adjust the server's network configuration.

Cloud Panel: Firewall

For security reasons, the server is always protected with an external hardware firewall that can be configured in the Cloud Panel. This firewall blocks incoming traffic for all ports except those configured in the rules.

By default, a firewall policy is configured according to the requirements imposed by the installed image:

  • Linux Servers: Incoming traffic is allowed for TCP ports 22, 80, 443, and 8443.

  • Windows Servers: Inbound traffic is allowed for TCP ports 80, 443, and 3389.

  • Plesk Servers: In addition to the ports that are enabled for your operating system, incoming traffic is allowed for TCP ports 8443, 8447, and TCP/UDP 53.

  • Cloud apps: When you create a server with a specific application, such as WordPress, a new firewall policy is automatically configured. In this firewall policy, the same ports are opened for incoming traffic as in the Linux policy. In addition, the firewall policy opens only the specific ports that are required by the application.

Please Note

For security reasons, the SMTP port (25) is closed by default. This measure prevents emails from being sent from your server. If you need to unlock the port, please contact support.

In the Firewall Policies section, you can manage the firewall policies. You can create new firewall policies and configure the firewall rules for incoming traffic according to your needs. You can also add and delete ports in the existing firewall policies.

For more information about firewall policies, please see the article Firewall Policies.

Please Note

In IONOS Cloud Servers, the operating system firewall (Windows firewall, iptables) is disabled by default.

Cloud Panel: Monitoring

You can use a monitoring policy to monitor your servers. By default, your server is assigned a monitoring policy that monitors the RAM, CPU, data transfer, and ping resources.

You can monitor the status of the server in Server Details or in the Monitoring Centre. When a limit is exceeded, a warning is displayed in this area.

When you create a server, a default monitoring policy is automatically assigned. However, if required, you can assign a different monitoring policy at any time. When you create a monitoring policy, you can specify that alerts are sent to an email address of your choice.

Monitor server performance

An overview of the tools you can use to monitor the performance of your servers can be found here:

Monitor server performance (Linux)

Monitor server performance (Windows)

Please Note

You can only monitor servers that have an IP address assigned to them.

For more information on monitoring guidelines, please see the following article:

Monitoring

Establishing a Connection to Your Server

You can find the login details in the overview of your server. To connect to your server, you need the following data:

  • IP/Hostname

  • User

  • Password

If you do not enter a password when creating a server, the password will be generated automatically during server creation. In this case, the password will be displayed in the server details.

If you enter your own password during server creation, it will not be displayed in the server details.

Please Note

Only passwords that are automatically generated in the course of creating or reinstalling a server can be displayed in the server details.

You can access your server in several ways:

  • Access via the Cloud Panel using the KVM console: With this method, you can access your server using your browser. You do not need any additional software to do this. You can also use the KVM console to access the server during a reboot or reinstallation. To access the server using the KVM console, select the desired server. Then click Actions > Start KVM Console. For more information, click here: Using KVM Console for Server Access (Cloud Server and VPS)

  • Access using your computer:

    Computer with Linux operating system: Access via SSH

    Computer with Microsoft Windows operating system: Access via Remote Desktop

You can find more information here:

Transferring Files Securely with FTP

Configuring Domains

You can access your server directly via the public IP or the automatically generated hostname. However, to make your website easily accessible to your customers, you need a domain. Connect this domain to the static IP address of the server so that the domain points to your server. This is possible by means of configuring an A record (Address Resource Record) or an AAAA record.

Modifying the Server Configuration

You can edit the configuration of your server at any time in the Server > Infrastructure section. To do so, select the desired server and click Actions > Customise. You can then choose either Standard or Flex configurations. Flex configurations allow you to increase the resources of your server independently. You can adjust the number of CPUs, the size of RAM, and the size of SSD.

This solution is especially useful if you need to increase your resources due to temporary increased workloads during an expected busy period.

Please Note

After customising the server, the size of the SSD cannot be reduced.

Adding Block Storage

Block Storages provide additional storage space that you can use in conjunction with a Cloud Server. Each block storage consists of an SSD whose size you can specify individually. Since block storages are treated as individual data volumes, they are suitable for storing files, databases or log files, for example.

Block Storages can only be assigned to a single Cloud Server. If necessary, you can assign the Block Storage to another Cloud Server if it is located in the same data centre.

For more information on Block Storages, see the following article:

Block Storage

Creating Your Server Infrastructure

The Cloud Panel not only lets you manage your servers. It also offers you many features to build your own infrastructure.

  • You can create as many servers as you need. You have the possibility to create either Dedicated Servers or more Cloud Servers. You can choose between different configurations and hardware models to meet the requirements of your project. In addition, you can select both the desired data centre and the desired Availability Zone. Availability Zones consist of several isolated, physical locations within a data centre. They are linked to each other via dedicated, regional networks and are designed with redundancy. This ensures that your server is also available during maintenance, for example. You can use the resources you have set up in the respective data centre with all availability zones.

    For more information on how to create a Cloud Servers, see the article Creating a Cloud Server.

  • Create a load balancer to distribute workloads across your servers. For more information on load balancers, see the article Creating Load Balancers.

  • Private Networks: Connect your servers in a private network to create your own logical networks and reduce latency. More information about private networks can be found here: Overview: Private Networks

  • VPN: Use a VPN to establish a secure connection to your servers. VPNs allow you to establish a secure, SSL-encrypted connection between your local PC and your Cloud Servers.

  • Users: You can allow additional users to manage your services at Cloud Panel. In addition, you can create roles for these users to assign the necessary permissions. More information can be found in the following articles:

    Cloud Panel Users
    Cloud Panel Roles

Safety Recommendations

Monitoring Your Server

By means of monitoring, you can monitor the resources of your server. In addition, you can also be notified when the set limits are exceeded.

When you create a server, a default monitoring policy is automatically assigned. Alternatively, you can create new custom monitoring policy. When you create a monitoring policy, you can also specify that alerts are sent to an email address of your choice.

If you install the Monitoring Agent on your server, you can use additional monitoring features. This is not mandatory for basic monitoring.

Monitoring policies allow you to monitor the following resources:

  • RAM usage

  • CPU usage

  • Disk space usage

  • Data transfer

  • Ping value

  • Ports

  • Processes

Note

To retrieve information about free disk space or about running processes, it is necessary to install the Monitoring Agent.

For more information on the monitoring guidelines, click here:

Monitoring

Create backups

Protecting your server is critical to the security of your data. This is especially important in the event of a server failure. Therefore, we strongly recommend that you create backups on a regular basis.

Use the Backup Package to create backups of your servers. This backup solution is particularly suitable for scheduled, medium and long-term backups. These backups are managed in the Backup Console, which can be opened from the Cloud Panel. To perform backups, you need to install Backup Agent on the server you want to back up and register the server in Backup Console. Then you can create the desired backup plans. With a backup plan, you can schedule backups of your full server, files and folders, or volumes according to your backup strategy.

For more information about the backup package, click here:

Backup Packages

Configure Firewall

Firewall is used to improve network security by filtering incoming traffic based on a set of firewall policies. Open ports are used by hackers to perform attacks and gain access to your infrastructure.

By default, the firewall is configured to deny traffic to all ports. The ports that are enabled in the firewall policy are excluded from this. When the server is shipped, only the ports that are required to access the server or are required by the particular installed application are enabled in the firewall.

We recommend that you keep all unnecessary ports closed by default to increase the security of your server.

More information about firewall policies can be found here:

Firewall Policies

Keep operating system up to date

When you order a server from IONOS, it will always be created with the latest update available for the operating system or distribution. However, you should always keep the server up to date.

Operating system updates mainly provide two types of functionality: new features or fixing bugs or security vulnerabilities. If a security vulnerability exists in the operating system installed on a server and it is not fixed, hackers can exploit this vulnerability to gain access to the server.

Therefore, patch management is an important part of maintaining your systems. Since applying security updates in a timely manner is one of the most important and effective things you can do to protect your server, your patch management should be as efficient as possible.

Security recommendations for Linux servers

Public-key authentication

Public-key authentication is a secure alternative to the well-known classic authentication with username and password. The advantage of public-key authentication is the higher level of security, since SSH keys are much more complex and thus more difficult to crack than passwords.

This method uses a private and a public key for user authentication. The public key must be stored in Cloud Panel so that public key authentication can be set up. You can then assign the public key to one or more servers during server creation. If required, you can also assign multiple public keys to a server. The public key is automatically entered into the root/.ssh/authorized_keys file during server creation. The private key is stored locally on the user's own computer. After creating the server, the user can log in to the server using the public key without a login password. This may require entering the password that protects the public key.

To protect your server even more effectively, you can additionally disable SSH password authentication. You can make this setting during the creation of a new server. If you disable SSH password authentication, the user will be able to log in to the server using only public key authentication. In this case, authentication by password entry is only possible when the user logs in to the server using the KVM console or the VNC console.

If you use public key authentication, no one can access your server without the private key. This security measure significantly reduces the risk of being hacked.

You can find more information here:

Generate SSH key

Using public-key authentication to establish an SSH connection with PuTTy

Additional security measures

Attackers can cause significant damage if they manage to penetrate a server to grab data, manipulate data, or disrupt the server's availability. To protect a server and its services from attacks and failures, securing the operating system as well as the services and applications installed on it is crucial. Therefore, we recommend the following additional security measures to increase the security level of your server:

Use strong passwords

Strong passwords are very important for your server's security, as they make it more difficult for potential attackers to gain access to your server. The following recommendations and tips will help you create a strong password and protect your server from unauthorized access:

  • Use a password that is not listed in dictionaries.

  • A secure password does not contain a complete word.

  • A secure password does not contain your username, real name or company name

  • Do not use data from your personal environment such as birthdays, names, etc.

  • A strong password is significantly different from previous passwords you have used.

A strong password contains:

  • At least 8 characters

  • Upper and lower case letters

  • At least one number

  • At least one special character

Use the principle of least privilege

The least privileged account (LUA) approach is an important part of this defense-in-depth strategy. The LUA approach requires that users be granted only those access rights that are essential to their work. This strategy can significantly reduce malware risk and the risk of inadvertent misconfigurations.

Restrict access to the server

Allow only authorized users to access the server.

Troubleshooting

If your server is running but is not accessible via SSH or Remote Desktop Connection, first check which firewall policy is assigned to the server. If port 3389 is not enabled in the firewall policy, you cannot establish a Remote Desktop Connection to the server. If port 22 is not enabled in the firewall policy, you cannot establish an SSH connection to the server.

If you cannot establish a remote desktop connection (Microsoft Windows Server) or an SSH connection (Linux) even though you have enabled the above ports, you can use the KVM console to log in to your server. The KVM console allows you to remotely maintain your system as if you were sitting right in front of it. You can follow the system messages as if they were on a "real" screen and interact with the server at any time. For example, in case of startup difficulties, the server can be booted with different boot options or even with an alternative image. Thus, the KVM console is especially useful for advanced troubleshooting.

If you cannot access the server because you have forgotten your password, please follow the steps described in the following articles:

Resetting the Windows Administrator Password

Resetting the root password (Linux)

If you have problems with the server, you can use the Knoppix DVD to boot from. Knoppix provides you with an operating system that you can use to check your server's operating system and repair it if necessary. In addition, you can also use Knoppix to save the data that is on the server if, for example, the data structure of the file system has been destroyed.

Reinstalling Servers

You can restore your server to its factory default state at any time by using an image. Alternatively, you can create and use your own images to restore your server.

In addition, images are available that contain certain pre-installed applications, such as WordPress or Plesk. You can use these images to install your server from scratch. In total, images for over 40 different applications are available to you.

When you reinstall the operating system, all stored data on the server will be deleted. Therefore, make sure that you have a backup copy of your data. For more information on reinstalling a server, click here:

Reinstall Image

In addition, you can import a bootable virtual machine image to use for reinstalling on existing servers or creating new servers. More information about images can be found here:

Images


Did this article help you?

Your feedback helps us to further improve our services. To leave feedback, log in to your IONOS account by clicking on the login button at the top right. You can then submit a rating below the article.