Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup

Written by
Improved by
Updated at June 11, 2025

If you want to back up your Yandex Compute Cloud instances or BareMetal servers in Cloud Backup, you need them connected VM to the service and properly set up.

You can connect the following to Cloud Backup:

For more information about connecting to Cloud Backup, see these guides.

For the Cloud Backup connection to work correctly, link a service account (with the backup.editor role for the VM and the baremetal.editor and the backup.editor roles for the BareMetal server) to the resource and configure network access.

After connecting to Cloud Backup, add the VM or the BareMetal server to the backup policy.

Note

When initiating a backup, make sure the VM or BareMetal server is running.

You can also link a policy to a VM or BareMetal server when creating the VM/ordering the server. A policy is linked asynchronously after you create and initialize a VM/server and after you install and configure the Cloud Backup agent. This may take up to 10-15 minutes. For more information on automatic linking of policies to VMs, see Linking a Yandex Cloud Backup policy to a VM automatically.

VM and BareMetal server specification requirements

The minimum VM and BareMetal server specification to install and correctly run the Cloud Backup agent is as follows:

  • Free disk space:

    • For Linux-based VMs: 2 GB.
    • For Windows-based VMs: 1.2 GB.

  • RAM: For backups, 1 GB of RAM is required per 1 TB of backup. The RAM requirement depends on the amount and type of data processed by the Cloud Backup agent.

For faster data backup and recovery, the Cloud Backup agent can consume significant amounts of RAM of the backed up resource, i.e., virtual machine or BareMetal server. The agent can even use up all the available RAM, which in some cases may disrupt the resource's other services and make it impossible to complete the backup or recovery process.

To prevent such issues, limit the amount of data the agent caches in RAM.

Note

Limiting the Cloud Backup agent's use of RAM may slow down the backup and recovery operations.

Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent

On VMs and BareMetal servers , the Cloud Backup agent is available for automatic installation when you create your VM/order a server using the following Cloud Marketplace images:

Linux-based images

  • CentOS 7
  • Debian 10
  • Debian 11
  • Ubuntu 18.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 24.04 LTS

Windows-based images

Note

The OS must be installed from a public image (a Yandex Cloud Marketplace product). When creating a VM, you can select the OS directly or use an image or disk snapshot of a different VM if its OS was also installed from a public image.

Unaided installation on a supported operating system

You can install the Cloud Backup agent yourself on a VM or BareMetal server:

For a complete list of supported operating systems, see the backup provider documentation.

You can install the Cloud Backup agent on a server running one of these operating systems:

  • CentOS 7
  • Debian 10.
  • Debian 11.
  • Ubuntu 16.04 LTS.
  • Ubuntu 18.04 LTS.
  • Ubuntu 20.04 LTS.
  • Ubuntu 22.04 LTS.
  • Ubuntu 24.04 LTS.

To install the agent on a server, follow this guide on connecting a BareMetal server to Cloud Backup.

If you have issues installing the Cloud Backup agent, contact support.

Updating the operating system kernel

Updating the Linux kernel on a VM or BareMetal server connected to Cloud Backup may affect the performance of the Cloud Backup agent: it will not be able to create a backup of the VM/server or recover the VM/server from a backup.

This may affect the agent’s performance, since the SnapAPI module (developed by the backup provider for the agent to work with disks and built by the DKMS framework for a specific Linux kernel) may not update after updating the kernel and may therefore cease to match the kernel version.

To restore the Cloud Backup agent’s performance affected by a Linux kernel update, you need to update the version of the Linux kernel headers DKMS refers to when building the SnapAPI module. Once the kernel header version matches the kernel version, DKMS will rebuild the SnapAPI module for the required Linux kernel version at the next start of the VM or BareMetal server.

To update the Linux kernel header versions, follow these guides: Restoring the Cloud Backup agent on a VM and Restoring the Cloud Backup agent on a BareMetal server.

Service account

Service account is a special account the Cloud Backup agent uses to get registered with the Cyberprotect provider.

When creating a VM you want to configure backups for in Cloud Backup, you need to link to it a service account with the backup.editor role.

When ordering a BareMetal server you want to configure backups for in Cloud Backup, you need to link to it a service account with the baremetal.editor and backup.editor roles.

You can assign the role to an existing service account or create a new service account with required roles.

Network access permissions

For the Cloud Backup agent to be able to exchange data with the backup provider servers, make sure the VM or BareMetal server has network access to the IP addresses of the Cloud Backup resources as per the table below:

Port range Protocol Destination name CIDR blocks
80 TCP CIDR 213.180.193.0/24
80 TCP CIDR 213.180.204.0/24
443 TCP CIDR 84.47.172.0/24
443 TCP CIDR 84.201.181.0/24
443 TCP CIDR 178.176.128.0/24
443 TCP CIDR 213.180.193.0/24
443 TCP CIDR 213.180.204.0/24
7770-7800 TCP CIDR 84.47.172.0/24
8443 TCP CIDR 84.47.172.0/24
44445 TCP CIDR 51.250.1.0/24

To provide network access:

Assign the VM a public IP or use a route table that allows internet access via a NAT gateway or a custom router.

The VM's security group rules must allow access to the specified resources. You can add the rules to an existing security group or create a new group with the rules.

When ordering a server, select Automatic or From a dedicated subnet in the Public address field to assign a public IP address to the server.

Make sure the sever network settings do not block outgoing traffic to the specified resources.

Connection statuses

You can view info on the status of a VM connection to Cloud Backup using the management console, on the VM list page in Compute Cloud. The following statuses are available:

  • Connected: Cloud Backup is connected to the VM, backups are being created under the specified policies, the Cloud Backup agent is online.
  • No backup policy: Cloud Backup is connected, but no policies are set up, and backups are not being created.
  • Failed: Agent is offline, or agent registration failed.
  • Not connected: Cloud Backup is not connected to the VM.

You can view the VM connection status and learn more about the VM backup in the backup log.

You can view the server connection to Cloud Backup status info in the management console on the server list page in BareMetal. The following statuses are available:

  • Connected: Cloud Backup is connected to the server, backups are being created as per the specified policies, the Cloud Backup agent is online.
  • No backup policy: Cloud Backup is connected, but no policy has been assigned, no backups are being created.
  • Failed: The agent is offline or failed to register.
  • Not connected: Cloud Backup is not connected to the server.

Use cases

Previous
Service overview
Next
Backup policies