Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup
If you want to back up your Yandex Compute Cloud instances or BareMetal servers in Cloud Backup, you need them connected VM to the service and properly set up.
For information on using BareMetal servers, see Connecting a BareMetal server to Cloud Backup. BareMetal is at the Preview stage.
You can connect the following to Cloud Backup:
- VMs created from supported Yandex Cloud Marketplace images. The Cloud Backup agent is installed automatically on such VMs.
- VMs created from other images, if those images are supported by the Cyberprotect backup provider. You will need to install the Cloud Backup agent on such VMs manually.
- BareMetal servers running a supported operating system. You can only install the Cloud Backup agent on BareMetal servers manually.
For more information about connecting to Cloud Backup, see these guides.
For the connection to work properly on the VM, link a service account with the backup.editor role to the VM and configure network access. You do not need to link the service account to BareMetal servers.
After connecting to Cloud Backup, add the VM or the BareMetal server to the backup policy.
Note
When initiating a backup, make sure the VM or BareMetal server is running.
You can also link a policy to a virtual machine while creating it. A policy is linked asynchronously after you create and initialize a VM, as well as install and configure a backup agent. This may take up to 10-15 minutes. For more information, see Linking a Yandex Cloud Backup policy to a VM automatically.
VM and BareMetal server specification requirements
Minimum VM and BareMetal server specification to install and correctly run the Cloud Backup agent:
-
Free disk space:
- For Linux-based VMs: 2 GB.
- For Windows-based VMs: 1.2 GB.
-
RAM: For backups, 1 GB of RAM is required per 1 TB of backup. The RAM requirement depends on the volume and type of data processed by the agent.
Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent
The Cloud Backup agent is available for automatic installation on VMs when you create your VMs from the following Cloud Marketplace images:
Linux-based images
- Astra Linux SE 1.7 Voronezh
- Astra Linux SE 1.7 Orel
- CentOS 7
- CentOS 7 OS Login
- CentOS Stream
- Debian 12
- Ubuntu 16.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 18.04 LTS OS Login
- Ubuntu 20.04 LTS
- Ubuntu 20.04 LTS OS Login
- Ubuntu 22.04 LTS
- Ubuntu 22.04 LTS OS Login
Windows-based images
- Kosmos VM 2022 based on Windows Server Datacenter 2022
- Kosmos VM 2019 based on Windows Server Datacenter 2019
- Kosmos VM 2016 based on Windows Server Datacenter 2016
- Kosmos VM RDS (5 licenses)
- Kosmos VM RDS (10 licenses)
- Kosmos VM RDS (50 licenses)
- Kosmos BD WEB 2019
- Kosmos BD Standard 2019
- Kosmos VM Visio Pro 2021
Note
The OS must be installed from a public image (a Yandex Cloud Marketplace product). When creating a VM, you can select the OS directly or use an image or disk snapshot of a different VM if its OS was also installed from a public image.
Automatic installation of the Cloud Backup agent is not currently supported on BareMetal servers: you can only install it manually.
Unaided installation on a supported operating system
You can install the Cloud Backup agent yourself on a VM or BareMetal server:
For a complete list of supported operating systems, see the backup provider documentation.
You can install the Cloud Backup agent on a server running one of these operating systems:
- Debian 10.
- Debian 11.
- Ubuntu 16.04 LTS.
- Ubuntu 18.04 LTS.
- Ubuntu 20.04 LTS.
- Ubuntu 22.04 LTS.
To install the agent on a server, follow this guide on connecting a BareMetal server to Cloud Backup.
If you have issues while installing the agent, contact technical support.
Service account
Service account is a special account the Cloud Backup agent uses to get registered with the Cyberprotect provider.
When creating a VM you want to configure backups for in Cloud Backup, you need to link to it a service account with the backup.editor role.
You do not need to link the service account to the BareMetal server. The IAM token of the service account with the backup.editor role is provided to the Cloud Backup agent when installing it on the server.
You can assign the role to an existing service account or create a new service account with required roles.
Network access permissions
For the Cloud Backup agent to be able to exchange data with the backup provider servers, make sure the VM or BareMetal server has network access to the IP addresses of the Cloud Backup resources as per the table below:
| Port range | Protocol | Destination name | CIDR blocks |
|---|---|---|---|
80 |
TCP |
CIDR |
213.180.193.0/24 |
80 |
TCP |
CIDR |
213.180.204.0/24 |
443 |
TCP |
CIDR |
84.47.172.0/24 |
443 |
TCP |
CIDR |
84.201.181.0/24 |
443 |
TCP |
CIDR |
178.176.128.0/24 |
443 |
TCP |
CIDR |
213.180.193.0/24 |
443 |
TCP |
CIDR |
213.180.204.0/24 |
7770-7800 |
TCP |
CIDR |
84.47.172.0/24 |
8443 |
TCP |
CIDR |
84.47.172.0/24 |
44445 |
TCP |
CIDR |
51.250.1.0/24 |
Assign the VM a public IP or use a route table that allows internet access via a NAT gateway or a custom router.
The VM's security group rules must allow access to the specified resources. You can add the rules to an existing security group or create a new group with the rules.
When ordering a server, select Automatically in the Public address field to assign a public IP address to the server.
Make sure the sever network settings do not block outgoing traffic to the specified resources.