Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Cloud Backup
  • Getting started
    • All guides
    • Activating the service
    • Viewing operations with resources
    • Viewing backup statistics
    • Service overview
    • Connecting a VM and BareMetal servers to the service
    • Backup policies
    • Backups
    • Interaction with an antivirus
    • Cloud Backup agent
    • Quotas
  • Access management
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  • Troubleshooting

In this article:

  • VM and BareMetal server specification requirements
  • Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent
  • Linux-based images
  • Windows-based images
  • Unaided installation on a supported operating system
  • Updating the operating system kernel
  • Service account
  • Network access permissions
  • VM connection statuses
  • Use cases
  1. Concepts
  2. Connecting a VM and BareMetal servers to the service

Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup

Written by
Yandex Cloud
Improved by
rc-connect
Updated at May 5, 2025
  • VM and BareMetal server specification requirements
  • Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent
    • Linux-based images
    • Windows-based images
    • Unaided installation on a supported operating system
    • Updating the operating system kernel
  • Service account
  • Network access permissions
  • VM connection statuses
  • Use cases

If you want to back up your Yandex Compute Cloud instances or BareMetal servers in Cloud Backup, you need them connected VM to the service and properly set up.

BareMetal is at the Preview stage.

You can connect the following to Cloud Backup:

  • VMs created from supported Yandex Cloud Marketplace images. The Cloud Backup agent is installed automatically on such VMs.
  • VMs created from other images, if those images are supported by the Cyberprotect backup provider. You will need to install the Cloud Backup agent on such VMs manually.
  • BareMetal servers running a supported operating system. You can only install the Cloud Backup agent on BareMetal servers manually.

For more information about connecting to Cloud Backup, see these guides.

For the connection to work properly on the VM, link a service account with the backup.editor role to the VM and configure network access.

After connecting to Cloud Backup, add the VM or the BareMetal server to the backup policy.

Note

When initiating a backup, make sure the VM or BareMetal server is running.

A policy can also be linked to a virtual machine when creating it. A policy is linked asynchronously after you create and initialize a VM, as well as install and configure a Cloud Backup agent. This may take up to 10-15 minutes. For more information, see Linking a Yandex Cloud Backup policy to a VM automatically.

VM and BareMetal server specification requirementsVM and BareMetal server specification requirements

Minimum VM and BareMetal server specification to install and correctly run the Cloud Backup agent:

  • Free disk space:

    • For Linux-based VMs: 2 GB.
    • For Windows-based VMs: 1.2 GB.
  • RAM: For backups, 1 GB of RAM is required per 1 TB of backup. The RAM requirement depends on the amount and type of data processed by the Cloud Backup agent.

Supported Cloud Marketplace images with automatic installation of the Cloud Backup agentSupported Cloud Marketplace images with automatic installation of the Cloud Backup agent

The Cloud Backup agent is available for automatic installation on VMs when you create your VMs from the following Cloud Marketplace images:

Linux-based imagesLinux-based images

  • Astra Linux SE 1.7 Voronezh
  • Astra Linux SE 1.7 Orel
  • CentOS 7
  • CentOS 7 OS Login
  • CentOS Stream
  • Debian 12
  • Ubuntu 16.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 18.04 LTS OS Login
  • Ubuntu 20.04 LTS
  • Ubuntu 20.04 LTS OS Login
  • Ubuntu 22.04 LTS
  • Ubuntu 22.04 LTS OS Login
  • Ubuntu 24.04 LTS

Windows-based imagesWindows-based images

  • Kosmos VM 2022 based on Windows Server Datacenter 2022
  • Kosmos VM 2019 based on Windows Server Datacenter 2019
  • Kosmos VM 2016 based on Windows Server Datacenter 2016
  • Kosmos VM RDS (5 licenses)
  • Kosmos VM RDS (10 licenses)
  • Kosmos VM RDS (50 licenses)
  • Kosmos BD WEB 2019
  • Kosmos BD Standard 2019
  • Kosmos VM Visio Pro 2021

Note

The OS must be installed from a public image (a Yandex Cloud Marketplace product). When creating a VM, you can select the OS directly or use an image or disk snapshot of a different VM if its OS was also installed from a public image.

Automatic installation of the Cloud Backup agent is not currently supported on BareMetal servers: you can only install it manually.

Unaided installation on a supported operating systemUnaided installation on a supported operating system

You can install the Cloud Backup agent yourself on a VM or BareMetal server:

VM instance
BareMetal server
  • Guide for Linux
  • Guide for Windows

For a complete list of supported operating systems, see the backup provider documentation.

You can install the Cloud Backup agent on a server running one of these operating systems:

  • Debian 10.
  • Debian 11.
  • Ubuntu 16.04 LTS.
  • Ubuntu 18.04 LTS.
  • Ubuntu 20.04 LTS.
  • Ubuntu 22.04 LTS.
  • Ubuntu 24.04 LTS.

To install the agent on a server, follow this guide on connecting a BareMetal server to Cloud Backup.

If you have issues installing the Cloud Backup agent, contact support.

Updating the operating system kernelUpdating the operating system kernel

Updating the Linux kernel on a VM or BareMetal server connected to Cloud Backup may affect the performance of the Cloud Backup agent: it will not be able to create a backup of the VM/server or recover the VM/server from a backup.

This may affect the agent’s performance, since the SnapAPI module (developed by the backup provider for the agent to work with disks and built by the DKMS framework for a specific Linux kernel) may not update after updating the kernel and may therefore cease to match the kernel version.

To restore the Cloud Backup agent’s performance affected by a Linux kernel update, you need to update the version of the Linux kernel headers DKMS refers to when building the SnapAPI module. Once the kernel header version matches the kernel version, DKMS will rebuild the SnapAPI module for the required Linux kernel version at the next start of the VM or BareMetal server.

To update the Linux kernel header versions, follow these guides: Restoring the Cloud Backup agent on a VM and Restoring the Cloud Backup agent on a BareMetal server.

Service accountService account

Service account is a special account the Cloud Backup agent uses to get registered with the Cyberprotect provider.

When creating a VM you want to configure backups for in Cloud Backup, you need to link to it a service account with the backup.editor role.

You do not need to link the service account to the BareMetal server. The IAM token of the service account with the backup.editor role is provided to the Cloud Backup agent when installing it on the server.

You can assign the role to an existing service account or create a new service account with required roles.

Network access permissionsNetwork access permissions

For the Cloud Backup agent to be able to exchange data with the backup provider servers, make sure the VM or BareMetal server has network access to the IP addresses of the Cloud Backup resources as per the table below:

Outgoing traffic
Port range Protocol Destination name CIDR blocks
80 TCP CIDR 213.180.193.0/24
80 TCP CIDR 213.180.204.0/24
443 TCP CIDR 84.47.172.0/24
443 TCP CIDR 84.201.181.0/24
443 TCP CIDR 178.176.128.0/24
443 TCP CIDR 213.180.193.0/24
443 TCP CIDR 213.180.204.0/24
7770-7800 TCP CIDR 84.47.172.0/24
8443 TCP CIDR 84.47.172.0/24
44445 TCP CIDR 51.250.1.0/24
VM instance
BareMetal server

Assign the VM a public IP or use a route table that allows internet access via a NAT gateway or a custom router.

The VM's security group rules must allow access to the specified resources. You can add the rules to an existing security group or create a new group with the rules.

When ordering a server, select Automatically in the Public address field to assign a public IP address to the server.

Make sure the sever network settings do not block outgoing traffic to the specified resources.

VM connection statusesVM connection statuses

You can view info on the status of a VM connection to Cloud Backup using the management console, on the VM list page in Compute Cloud. The following statuses are available:

  • Connected: Cloud Backup is connected to the VM, backups are being created under the specified policies, the Cloud Backup agent is online.
  • No backup policy: Cloud Backup is connected, but no policies are set up, and backups are not being created.
  • Failed: Agent is offline, or agent registration failed.
  • Not connected: Cloud Backup is not connected to the VM.

You can view the VM connection status and learn more about the VM backup in the backup log.

Use casesUse cases

  • Connecting a Yandex BareMetal server to Cloud Backup
  • Linking a Yandex Cloud Backup policy to a VM automatically

Was the article helpful?

Previous
Service overview
Next
Backup policies
© 2025 Direct Cursus Technology L.L.C.