With your own vServer/VPS, you can use a variety of functions, which are explained in this article, that make it suitable for both simple and highly complex projects.
This article describes the first steps you need to take after setting up your VPS. In addition, the most important functions of the Cloud Panel are explained.
Managing the Server
In the Infrastructure > Server section, you can manage your servers. Simply click Actions and choose the action you want to perform. Also in this section, you can start, restart and shut down the server, or if necessary, you can even reinstall the server. When you activate a server in the Infrastructure > Server section, the details of the server is displayed. In the details section, all important information about the server is displayed.
Additional information about the management of the server in the Infrastructure > Server section can be found here .
Default Server Configuration
By default, your VPS is equipped with the following configuration:
With a Public IP, your server is accessible from the outside. This is necessary so that your customers can access your website. The server is provided by default with a public IPv4 address. If you need additional IPv4 addresses, you can create additional public IP addresses and assign them to the server.
The VPS also supports public IPv6 addresses. By default, no IPv6 address is assigned when a server is created. If necessary, you can create an public IPv6 address in the Cloud Panel and assign it to your server.
If you assign more than two IPv4 or IPv6 addresses, it is necessary to customize the network configuration of the server.
Further information can be found here:
Cloud Panel: Firewall
Due to security reasons, the server is always protected with an external hardware firewall, wich can be configured in the Cloud Panel. This firewall blocks incoming traffic for all ports except those configured in the rules.
By default, a firewall policy is configured according to the specific needs of the installed template:
Linux Server: allow incoming traffic for ports TCP 22, 80, 443 and 8443.
Windows Server: allow incoming traffic for ports TCP 80, 443 and 3389.
Plesk server: In addition to the ports enabled for your operating system, incoming traffic is allowed for TCP 8443, 8447, and TCP/UDP 53 ports.
Cloud apps: When you create a server with a specific application like WordPress, a new firewall policy is automically configured. In this firewall policy, the same ports are shared for incoming traffic as in the linux policy. In addition, only the the specific ports, which are required by the the application, are opened in the firewall policy.
For security reasons, the outgoing SMTP port 25 has been locked. If you want to use the SMTP port please contact customer support.
In the Firewall Policies section, you can manage the firewall policies. You can create new firewall policies and configure firewall rules for incoming traffic according to your needs. More information about firewall policies can be found here:
- For Virtual Private Servers (VPS), the operating system firewall (Windows Firewall, iptables) is completely open.
Connecting to the Server
You can find the access data in the details section of your Server. To establish the connection, you need the following data:
If you do not enter a password when you create a server, the password is automatically generated during the server creation. In this case, the password is displayed in the server details.
If you enter an own password, when you create a server, the password will not be displayed in the server details.
Only passwords, which are generated automatically during the server creation or reinstallation can be displayed in the server details section.
You can access your server in various ways:
Access from the Cloud Panel via the KVM console. With this method you can access your server via your browser. The KVM console also allows to access the server during a reboot or reinstallation. To access to the server using the KVM Console, select the desired server and click on Actions > Access KVM Console.
Further information can be found here: Accessing a Server via the KVM console
Further information can be found here:
Configure a Domain
You can access your server directly via the public IP. However, to make your website easily accessible to your customers, you need a domain. Connect this domain to the static IP address, so that the domain points to your server. This is possible by configuring an A record (Address Resource Record) or an AAAA record.
Customize the Server
If you have high loads in your server and you need to have more resources (CPU, RAM, SSD), you can change the package in IONOS and choose a serverwith increased server resources.
Open the Contract & Subscriptions section.
Select the contract.
In the Contract Change area, click Display contract change options.
The IONOS shop opens.
Select the desired VPS.
The size of your VPS is adjusted without data loss. Due to the subsequent need to restart the server, it is temporarily unavailable.
You cannot switch to a smaller package.
By default, your server is assigned a monitoring policy that monitors RAM, CPU, data transfer, and ping resources.
You can monitor the status of the server in the server details or in the Monitoring Center. If a limit value is exceeded, a warning is displayed in this area.
When you create a server, a default monitoring policy is automatically assigned. However, you can assign a different monitoring policy at any time. When you create a default monitoring policy, you can also specify that notifications should be sent to an email address of your choice.
You can monitor only the servers having an IP address assigned.
Further information about monitoring policies can be found here
Backup your data
The protection of your server is crucial for the security of your data. This is particularly important in the event of a server failure. Therefore we strongly recommend you to create backups regularly.
Use the Backup Packages solution to create backups of your servers. This solution is is particularly useful for planned, medium and long-term backups. These backups are managed in the Backup Console, which can be opened via the Cloud Panel. To perform backups, you need to configure the backup agent on the server to be backed up and register the server in the Backup Console.Then you can create backup policies. With a backup policy, you can schedule the creation of security copies of your full server, files and folders or volumes according to your backup strategy.
Further information about the backup package can be found here:
A firewall is used to block incoming traffic. Open ports are used by hackers to attack and gain access to your infrastructure.
By default, the firewall is configured to deny traffic for all ports. The ports that are enabled in the firewall policy are excluded. When the server is delivered, only the ports required to access the server or required by the installed application are whitelisted in the firewall.
Our recommendation is to keep all unnecessary ports closed by default in order to increase the security of your server.
Further information about firewall policies can be found here:
Keep your operating system up to date
If you order a server from IONOS, it will always be shipped with the latest update, which is available for the operating system or distribution. Nevertheless, you should always keep the server up to date.
Operating system updates are mainly offered to implement new features or to fix bugs or vulnerabilities. If a vulnerability in the operating system of a server is not fixed, hackers can exploit the vulnerability to gain access to the server.
We recommend that you update your operating system as security patches become available.
Security Recommendations for Linux Servers:
Public Key Authentication
The Public key authentication is a secure alternative to the well-known classic authentication with user name and password. The advantage of public key authentication is the higher security level, as SSH keys are much more complex and therefore more difficult to crack than passwords.
This method uses a private and a public key to authenticate users. The public key must be stored in the Cloud Panel to enable public key authentication. You can then assign the public key to one or more servers during server creation. If necessary, you can also assign multiple public keys to a server. The public key is automatically entered into the file root/.ssh/authorized_keys during the creation of the server. The private key is stored locally on your own computer. After the server is created, the user can log on to the server without a login password using the public key. If necessary, enter the password with which the public key is protected.
To protect your server even more effectively, you can also disable the SSH password authentication. You can make this setting while creating a new server. If you disable the SSH password authentication, the user can only log on to the server using public-key authentication. Authentication by means of password input is only possible in this case if the user logs into the server using the KVM console or the VNC console.
If you use public-key authentication, no one can access your server without the private key. This safety measure significantly reduces the risk of being hacked.
Further information can be found here:
Additional Security Measures
Attackers can do considerable damage if they manage to penetrate a server to steal data, manipulate data, or disrupt the availability of the server. In order to protect a server and its services against attacks and failures, the protection of the operating system as well as the services and applications installed on it is of crucial importance. We therefore recommend the following additional security measures to increase the security level of your server:
Use strong passwords
Strong passwords are very important for the security of your server, because they make it more difficult to potencial attackers to easily gain access to your server. The following recommendations and tips will help you create a secure password and protect your server from unauthorized access:
Use a password that is not listed in dictionaries.
A secure password does not contain a complete word.
A secure password does not contain your username, real name or company name.
Do not use data from your personal environment such as birthdays, names, etc..
A secure password differs significantly from previous passwords you have used
A secure password contains:
At least 8 characters
Uppercase and lower case letters
At least one number
At least one special character
Use the principle of least privileges
The least privileged user account (LUA) approach is an important part of this defense strategy. e LUA approach requires that users are given only those privileges which are essential for their work. This strategy can significantly reduce malware risks and the risks associated to incorrect configurations, which are done accidentally.
Restrict access to the server
Allow only authorized users to access the server.
Upgrade to a Cloud Server
If you need to create a complete server infrastructure, you can upgrade your VPS to a Cloud Server.
The Cloud Server does not only allow to manage your server. This product also provides a lot of additional features to build up your own infrastructure.
You can create as many servers as you need in the Cloud Panel. You have the option of creating either a Cloud Server or a Dedicated Server. You can choose between different configurations and hardware models to meet the requirements of your project.
Create a load balancer to distribute the workloads between your servers.
Private networks: connect your servers to a private network to create your own logical network areas and reduce latencies.
VPN: establish a secure connection to your server infrastructure using SSL VPN.
Users: you can allow additional users to manage your services in the Cloud Panel. You can also create roles for these users to grant the required privileges. Further information can be found here:
Discover the full potential of the Cloud Panel: With the Cloud Panel you can also manage the following additional products: Managed Cloud Hosting and Kubernetes as a Service
If your server is running but cannot be reached via SSH or Remote Desktop Connection, first check which firewall policy is assigned to the server. If port 3389 is not shared in the firewall policy, you cannot establish a remote desktop connection to the server. If port 22 is not shared in the firewall policy, you cannot establish an SSH connection to the server.
If you cannot establish a remote desktop connection (Microsoft Windows Server) or an SSH connection (Linux) despite sharing the above ports, you can use the KVM console to log into your server. The KVM console allows remote maintenance of your system just as if you were sitting right in front of it. You can track the system messages like on a "real" screen and interact with the server at any time. For example, the server can be booted with other boot options or even with an alternate image in case of startup problems. This makes the KVM console ideal for advanced troubleshooting.
If you do not have access to the server because you have forgotten your password, please follow the steps described in the following articles:
If you have problems with the server, you can use the Knoppix DVD to boot from it. With Knoppix you have an operating system at your disposal with which you can check the operating system of your server and repair it if necessary. Furthermore, with Knoppix you can also save the data that is on the server, e.g. if the data structure of the file system was destroyed.
Reinstalling the Server
You can use an image to restore your server to its default state at any time. Alternatively, you can create your own images and use them to restore your server.
You can also use images that contain certain pre-installed applications such as WordPress or Plesk. You can use these images to reinstall your server. In total, images are available for over 40 different applications.
When you reinstall the operating system, all data stored on the server is deleted. Therefore, make sure that you have a security copy of your data.
For more information on reinstalling a server, click here:
Reinstalling an image
In addition, you can import a bootable image from a virtual machine to use it for reinstalling on existing servers or creating new servers.
Further information about the images can be found here: