Cloud Servers: Getting Started

With your own powerful Cloud Server, you gain access to a variety of useful features, making it well-suited for both simple and highly complex projects.

In this article, we'll show you the first steps you need to take after setting up your Cloud Server. It also explains the most important features in the Cloud Panel.

Managing Your Servers

In the Infrastructure > Server section, you can manage your servers, including the most basic functions such as starting, restarting, and shutting down the server. You can also reinstall the server if necessary. To perform one of these actions, select a server, and then click Actions. You can then perform the required action. To open the details section, select the required server. All of the most important information about the server will then be displayed.

Additional information on server administration in the Infrastructure > Server section can be found here:

Cloud Panel Articles

Default Server Configuration

By default, your Cloud Server is deployed with the following settings:

Public IP:

With a public IP address, your server is accessible from anywhere. This of course is necessary so that your customers can access your website. The server is assigned a public IPv4 address by default. If you need additional IPv4 addresses, you can create additional public IP addresses and assign them to the server. 

Cloud Servers also support public IPv6 addresses. By default, no IPv6 address is assigned when a server is created. If required, you can create an IPv6 address in the Cloud Panel and assign it to an existing server.

Please Note

If you assign more than two IPv4 or IPv6 addresses, it becomes necessary to customize the network configuration of the server.

Cloud Panel: Firewall

For security reasons, the server is always protected by an external hardware firewall, which can be configured in the Cloud Panel. This firewall blocks incoming traffic on all ports except those configured in the rules.

By default, a firewall policy is configured according to the requirements of the installed image:

  • Linux Server: Allow incoming traffic for TCP ports 22, 80, 443 and 8443.

  • Windows Server: Allow incoming traffic for TCP ports 80, 443 and 3389.

  • Plesk: In addition to the ports enabled for your operating system, incoming traffic is allowed for TCP ports 8443, 8447, and TCP/UDP port 53.

  • Cloud apps: When you create a server with a specific application, such as WordPress, a new firewall policy is automatically configured. This firewall policy opens the same ports for incoming traffic as the Linux policy. Beyond those, it opens only the specific ports required by the application.

Please Note

SMTP port 25 (outgoing) is blocked for security reasons. If you want to enable the SMTP port, please contact customer service.

In the Firewall Policies section, you can create new firewall policies and configure firewall rules for incoming traffic according to your needs. You can also add and delete ports in the existing firewall policies.

Additional information about firewall policies can be found here:

Firewall Policies

Please Note

For Cloud Servers, the firewall of the operating system (Windows Firewall, iptables) is disabled by default.

Cloud Panel: Monitoring Policy

You can use a monitoring policy to monitor your servers. By default, your server is assigned a monitoring policy that monitors RAM, CPU, data transfer, and ping.

You can monitor the status of the server in the server details or in the Monitoring Center. If a limit value is exceeded, a warning is displayed in this area.

When you create a server, a default monitoring policy is automatically assigned. However, you can assign a different monitoring policy at any time. When you create a monitoring policy, you can choose to send alerts to an email address of your choice.

Please Note

You can only monitor the servers with an assigned IP address.

Additional information on monitoring policies can be found here:

Monitoring Policies

Connecting to the Server

You can find the access data in the Details section of your server. To establish a connection to your server, you need the following data:

  • IP/Hostname

  • User

  • Password

If you do not enter a password when creating a server, the password is generated automatically during the server creation. In this case, the password is displayed in the server details.

If you enter your own password when you create a server, the password will not be displayed.

Please Note

Only passwords that are automatically generated during the creation or reinstallation of a server can be displayed in the server details.

You can access your server in various ways:

  • Access from the Cloud Panel using the KVM console. This method allows you to access your server through your browser. You do not need any additional software for this. The KVM console also allows you to access the server during a reboot or reinstallation. To access the server using the KVM console, select the desired server and click Actions -> Access KVM Console. Additional information can be found here: Accessing a Server via the KVM console (Cloud Server and VPS)

  • Access through your computer:

    Computers with Linux operating system: SSH Access

    Computers with Microsoft Windows operating system: Remote Desktop Access

Additional information can be found here:

Transfer Files Securely Step by Step Using FTP

Configure a Domain

You can access your server directly using the public IP or the auto-generated hostname. However, to make your website easily accessible to your customers, you need a domain. Connect this domain to the static IP address, so that the domain points to your server. This is possible by configuring an A record (Address Resource Record) or an AAAA record.

Customize the Server

You can change the configuration of your server at any time in the Server > Infrastructure section. To customize it, activate the desired server and click Actions > Customize. You can then choose between the fixed configurations and the Flex configuration. With the Flex configuration, you can increase the resources of your server separately.  You can add and remove RAM, CPUs and increase the size of the SSD. 

This solution is particularly useful when you need to increase your resources to handle temporary workloads.

Please Note

After the customization of the server, the size of the SSD cannot be reduced.

Add Block Storage

Block storages provide additional storage space that you can use with a Cloud Server. Each block storage consists of an SSD that can be individually customized. Since block storages are treated as individual data carriers, they are suitable for storing files, databases, or log files, for example.

Block storages can only be assigned to a single Cloud Server. If required, you can assign the Block Storage to another Cloud Server if it is located in the same data center.

Further information about Block Storages can be found here:

Block Storage

Create your Server's Infrastructure

The Cloud Panel not only lets you manage your servers, it also offers many features for building your own infrastructure.

  • You can create as many servers as you need, either Dedicated Servers or Cloud Servers. You can choose between different configurations and hardware models to meet the requirements of your project. Additional information on creating a Cloud Server can be found here: Create a Cloud Server

  • Create a load balancer to distribute the workloads between your servers. Additional information on load balancers can be found here: Create Load Balancer

  • Private networks: connect your servers to a private network to create your own logical networks and reduce latency. Additional information about private networks can be found here: Overview: Private Networks

  • VPN:  Use a VPN to establish a secure connection to your servers. With a VPN, you can establish a secure, SSL-encrypted connection between your local PC and your Cloud Servers.

  • Users: Allow additional Cloud Panel users to manage your services in the user account. You can also create roles for these users to grant the required privileges. Additional information can be found here: User Roles

  • Managed Cloud Hosting: With Managed Cloud Hosting you can run your stacks or applications on a scalable cloud platform, with a wider range of configuration options and dedicated resources.

  • Kubernetes as a Service: With Kubernetes as a Service, you can run your applications at scale with the powerful and resilient orchestration of Kubernetes clusters. The intuitive interface takes away the hassle and complexity of deploying Kubernetes clusters, but still gives you total control over your container workloads.

Security Recommendations

Server monitoring

You can use monitoring to track the resources of your server. In addition, you can also be notified if the specified limits are exceeded.

When you create a server, a default monitoring policy is automatically assigned. Alternatively, you can create new custom monitoring policies. When you create a monitoring policy, you can also specify that notifications should be sent to an email address of your choice.

If you install the Monitoring Agent on your server, you can use additional monitoring functions. This is not mandatory for basic monitoring.

Monitoring guidelines allow you to monitor the following resources:

  • RAM usage

  • CPU load

  • disk usage

  • data transfer

  • ping value

  • ports

  • processes 

Please Note

To retrieve information about free disk space or running processes, it is necessary to install the monitoring agent.

Additional information on the monitoring policies can be found here:

Monitoring Policies

Creating Backups

The protection of your server is crucial for the security of your data. This is particularly important in the event of a server failure. Therefore, we strongly recommend that you create backups regularly.

Use the Backup Packages solution to create backups of your servers. This solution is particularly useful for planned, medium and long-term backups. These backups are managed in the Backup Console, which can be opened in the Cloud Panel. To perform backups, you need to configure the backup agent on the server to be backed up and register the server in the Backup Console. Then you can create backup policies. With a backup policy, you can schedule the creation of security copies of your full server, files and folders or volumes according to your backup strategy.

Additional information about the backup packages can be found here:

Backup Packages

Firewall Configuration

The firewall is used to improve network security by filtering incoming traffic based on a set of firewall policies. Open ports are used by hackers to launch attacks and gain access to your infrastructure.

By default, the firewall is configured to deny traffic to all ports. The ports that are whitelisted in the firewall policy are excluded. When the server is deployed, only the ports required to access the server or required by the installed application are whitelisted in the firewall.

We recommend that you keep all unnecessary ports closed by default to increase the security of your server.

Additional information about firewall policies can be found here:

Firewall Policies
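The following added example (not part of the original article and not IONOS code) shows one way to find unnecessary open ports: it compares the TCP listeners on a Linux server with the ports a firewall policy allows. The function names and the sample `ss` output are constructed for illustration; the policy list is the Linux default from this article.

```shell
#!/bin/sh
# Added example (not IONOS code): compare TCP listeners with a firewall policy.

# Default inbound TCP ports of the Linux policy, as listed in this article.
LINUX_POLICY_TCP="22 80 443 8443"

# Print externally reachable listening TCP ports, sorted, one per line.
# stdin: output of `ss -Htln`. Loopback-only listeners are skipped.
listening_ports() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)        # text after last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print port
        }
    ' | sort -n -u
}

# Policy ports with no service behind them: candidates to close.
# $1 = allowed ports (space separated), stdin = ss output.
unused_policy_ports() {
    listening=$(listening_ports)
    for p in $1; do
        printf '%s\n' "$listening" | grep -qx "$p" || echo "$p"
    done
}

# Listeners outside the policy. Only the external firewall shields them,
# because the operating system firewall is disabled by default.
# $1 = allowed ports (space separated), stdin = ss output.
unlisted_listeners() {
    listening_ports | while read -r p; do
        case " $1 " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Constructed sample of `ss -Htln` output (not taken from a real server).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 *:9100 *:*'

echo "allowed but unused: $(printf '%s\n' "$SAMPLE_SS" | unused_policy_ports "$LINUX_POLICY_TCP")"
echo "listening, not in policy: $(printf '%s\n' "$SAMPLE_SS" | unlisted_listeners "$LINUX_POLICY_TCP")"
```

On a live server, pipe the real listener table in with `ss -Htln | unused_policy_ports "$LINUX_POLICY_TCP"`.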

Keep Your Operating System Up to Date

If you order a server from 1&1 IONOS, it will always be shipped with the latest updates available for the operating system or distribution. Nevertheless, you should always keep the server up to date.

Operating system updates are mainly offered to implement new features or to fix bugs or vulnerabilities. If a vulnerability in the operating system of a server is not fixed, hackers can exploit the vulnerability to gain access to the server.

Patch management is therefore an important part of the maintenance of your systems. Since timely application of security updates is one of the most important and effective things you can do to protect your server, your patch management should be as efficient as possible.

Security Recommendations for Linux Servers

Public Key Authentication

Public key authentication is a secure alternative to the well-known classic authentication with user name and password.  The advantage of public key authentication is the higher security level, as SSH keys are much more complex and therefore more difficult to crack than passwords.

This method uses a private and a public key to authenticate users. The public key must be stored in the Cloud Panel to enable public key authentication. You can then assign the public key to one or more servers during server creation. If necessary, you can also assign multiple public keys to a server. The public key is automatically entered into the file /root/.ssh/authorized_keys during the creation of the server. The private key is stored locally on your own computer. After the server is created, the user can log on to the server without a login password using the public key. If necessary, enter the password with which the public key is protected.

To protect your server even more effectively, you can also disable the SSH password authentication. You can make this setting while creating a new server. If you disable the SSH password authentication, the user can only log on to the server using public-key authentication. Authentication by means of password input is only possible in this case if the user logs into the server using the KVM console or the VNC console.

If you use public-key authentication, no one can access your server without the private key. This safety measure significantly reduces the risk of being hacked.

Additional information can be found here:

Generate SSH Key

Using Public Key Authentication to Establish an SSH Connection with PuTTy
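To confirm that SSH password authentication is really disabled, as described above, the following added example (not part of the original article and not IONOS code) audits sshd_config text. It accounts for the fact that sshd uses the first value it reads for each keyword and that Match blocks can override the global setting. The function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IONOS code): audit sshd_config text for password login.
# sshd uses the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# Print the effective global value of keyword $1 (default $2); config on stdin.
sshd_global_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        {
            sub(/=/, " ")                 # accept the "Keyword=value" form
            k = tolower($1)
            if (k == "match") exit        # global section ends at first Match
            if (k == key) { val = tolower($2); exit }
        }
        END { print val }
    '
}

# Print each Match line whose block switches password login back on.
sshd_match_reenables() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { raw = $0; sub(/=/, " "); k = tolower($1) }
        k == "match" { block = raw; seen = 0; next }
        block != "" && k == "passwordauthentication" && !seen {
            seen = 1
            if (tolower($2) == "yes") print block
        }
    '
}

# Succeed only if password login is off globally and in every Match block.
password_login_disabled() {
    cfg=$(cat)
    [ "$(printf '%s\n' "$cfg" | sshd_global_value PasswordAuthentication yes)" = "no" ] &&
    [ -z "$(printf '%s\n' "$cfg" | sshd_match_reenables)" ]
}

# Constructed samples. The first looks hardened at the bottom, but is not.
SAMPLE_SHADOWED='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'
SAMPLE_HARDENED='PubkeyAuthentication yes
PasswordAuthentication no'
SAMPLE_MATCH='PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes'

printf '%s\n' "$SAMPLE_SHADOWED" | password_login_disabled || echo "shadowed sample: password login is still enabled"
```

This parser does not follow Include directives; on a live server, `sshd -T` prints the effective configuration with included files resolved.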

 
Additional security measures

Attackers can do considerable damage if they manage to penetrate a server to steal data, manipulate data, or disrupt the availability of the server. In order to protect a server and its services against attacks and failures, the protection of the operating system as well as the services and applications installed on it is of crucial importance. We therefore recommend the following additional security measures to increase the security level of your server: 

Use strong passwords

Strong passwords are very important for the security of your server, because they make it more difficult for potential attackers to gain access to your server. The following recommendations and tips will help you create a secure password and protect your server from unauthorized access:

  • Use a password that is not listed in dictionaries.

  • A secure password does not contain a complete word.

  • A secure password does not contain your username, real name or company name.

  • Do not use data from your personal environment such as birthdays, names, etc.

  • A secure password is very different from previous passwords you have used.

A secure password contains:

  • At least 8 characters

  • Upper and lower case letters

  • At least one number

  • At least one special character

Use the principle of least privileges

The least privileged user account (LUA) approach is an important part of this defense strategy. The LUA approach requires that users are given only those privileges which are essential for their work. This strategy can significantly reduce malware risks and the risks associated with accidental misconfigurations.

Restricting access to the server

Allow only authorized users to access the server.

Troubleshooting

If your server is running but cannot be reached via SSH or Remote Desktop Connection, first check which firewall policy is assigned to the server. If port 3389 is not opened in the firewall policy, you cannot establish a remote desktop connection to the server. If port 22 is not opened in the firewall policy, you cannot establish an SSH connection to the server.

If you cannot establish a remote desktop connection (Microsoft Windows Server) or an SSH connection (Linux) even though the above ports are opened, you can use the KVM console to log into your server. The KVM console allows remote maintenance of your system just as if you were sitting right in front of it. You can track the system messages like on a "real" screen and interact with the server at any time. For example, the server can be booted with other boot options or even with an alternate image in case of startup problems. This makes the KVM console ideal for advanced troubleshooting.

If you do not have access to the server because you have forgotten your password, please follow the steps described in the following articles:

Reset Administrator Password (Microsoft Windows)

Reset Your Root Password (Linux)

If you have problems with the server, you can boot it from the Knoppix DVD. Knoppix gives you an operating system with which you can check the operating system of your server and repair it if necessary. You can also use Knoppix to save the data that is on the server, e.g. if the data structure of the file system was destroyed.

Reinstalling the Server

You can use an image to restore your server to its default state at any time. Alternatively, you can create your own images and use them to restore your server.

You can also use images that contain certain pre-installed applications such as WordPress, Plesk or Magento. You can use these images to reinstall your server. In total, images for over 40 different applications are available.

When you reinstall the operating system, all data stored on the server is deleted. Therefore, make sure that you have a security copy of your data. For more information on reinstalling a server, click here:

Reinstalling an image

In addition, you can import a bootable image from a virtual machine to use for a reinstallation on existing servers or to create new servers. More information about Images can be found here:

Images