Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup
If you want to back up your Yandex Compute Cloud instances or BareMetal servers in Cloud Backup, you need them connected VM to the service and properly set up.
BareMetal is at the Preview stage.
You can connect the following to Cloud Backup:
- VMs created from supported Yandex Cloud Marketplace images. The Cloud Backup agent is installed automatically on such VMs.
- VMs created from other images, if those images are supported by the Cyberprotect backup provider. You will need to install the Cloud Backup agent on such VMs manually.
- BareMetal servers running a supported operating system. You can only install the Cloud Backup agent on BareMetal servers manually.
For more information about connecting to Cloud Backup, see these guides.
For the connection to work properly on the VM, link a service account with the backup.editor role to the VM and configure network access.
After connecting to Cloud Backup, add the VM or the BareMetal server to the backup policy.
Note
When initiating a backup, make sure the VM or BareMetal server is running.
A policy can also be linked to a virtual machine when creating it. A policy is linked asynchronously after you create and initialize a VM, as well as install and configure a Cloud Backup agent. This may take up to 10-15 minutes. For more information, see Linking a Yandex Cloud Backup policy to a VM automatically.
VM and BareMetal server specification requirements
Minimum VM and BareMetal server specification to install and correctly run the Cloud Backup agent:
-
Free disk space:
- For Linux-based VMs: 2 GB.
- For Windows-based VMs: 1.2 GB.
-
RAM: For backups, 1 GB of RAM is required per 1 TB of backup. The RAM requirement depends on the amount and type of data processed by the Cloud Backup agent.
Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent
The Cloud Backup agent is available for automatic installation on VMs when you create your VMs from the following Cloud Marketplace images:
Linux-based images
- Astra Linux SE 1.7 Voronezh
- Astra Linux SE 1.7 Orel
- CentOS 7
- CentOS 7 OS Login
- CentOS Stream
- Debian 12
- Ubuntu 16.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 18.04 LTS OS Login
- Ubuntu 20.04 LTS
- Ubuntu 20.04 LTS OS Login
- Ubuntu 22.04 LTS
- Ubuntu 22.04 LTS OS Login
- Ubuntu 24.04 LTS
Windows-based images
- Kosmos VM 2022 based on Windows Server Datacenter 2022
- Kosmos VM 2019 based on Windows Server Datacenter 2019
- Kosmos VM 2016 based on Windows Server Datacenter 2016
- Kosmos VM RDS (5 licenses)
- Kosmos VM RDS (10 licenses)
- Kosmos VM RDS (50 licenses)
- Kosmos BD WEB 2019
- Kosmos BD Standard 2019
- Kosmos VM Visio Pro 2021
Note
The OS must be installed from a public image (a Yandex Cloud Marketplace product). When creating a VM, you can select the OS directly or use an image or disk snapshot of a different VM if its OS was also installed from a public image.
Automatic installation of the Cloud Backup agent is not currently supported on BareMetal servers: you can only install it manually.
Unaided installation on a supported operating system
You can install the Cloud Backup agent yourself on a VM or BareMetal server:
For a complete list of supported operating systems, see the backup provider documentation.
You can install the Cloud Backup agent on a server running one of these operating systems:
- Debian 10.
- Debian 11.
- Ubuntu 16.04 LTS.
- Ubuntu 18.04 LTS.
- Ubuntu 20.04 LTS.
- Ubuntu 22.04 LTS.
- Ubuntu 24.04 LTS.
To install the agent on a server, follow this guide on connecting a BareMetal server to Cloud Backup.
If you have issues installing the Cloud Backup agent, contact support.
Updating the operating system kernel
Updating the Linux kernel on a VM or BareMetal server connected to Cloud Backup may affect the performance of the Cloud Backup agent: it will not be able to create a backup of the VM/server or recover the VM/server from a backup.
This may affect the agent’s performance, since the SnapAPI module (developed by the backup provider for the agent to work with disks and built by the DKMS framework for a specific Linux kernel) may not update after updating the kernel and may therefore cease to match the kernel version.
To restore the Cloud Backup agent’s performance affected by a Linux kernel update, you need to update the version of the Linux kernel headers DKMS refers to when building the SnapAPI module. Once the kernel header version matches the kernel version, DKMS will rebuild the SnapAPI module for the required Linux kernel version at the next start of the VM or BareMetal server.
To update the Linux kernel header versions, follow these guides: Restoring the Cloud Backup agent on a VM and Restoring the Cloud Backup agent on a BareMetal server.
Service account
Service account is a special account the Cloud Backup agent uses to get registered with the Cyberprotect provider.
When creating a VM you want to configure backups for in Cloud Backup, you need to link to it a service account with the backup.editor role.
You do not need to link the service account to the BareMetal server. The IAM token of the service account with the backup.editor role is provided to the Cloud Backup agent when installing it on the server.
You can assign the role to an existing service account or create a new service account with required roles.
Network access permissions
For the Cloud Backup agent to be able to exchange data with the backup provider servers, make sure the VM or BareMetal server has network access to the IP addresses of the Cloud Backup resources as per the table below:
| Port range | Protocol | Destination name | CIDR blocks |
|---|---|---|---|
80 |
TCP |
CIDR |
213.180.193.0/24 |
80 |
TCP |
CIDR |
213.180.204.0/24 |
443 |
TCP |
CIDR |
84.47.172.0/24 |
443 |
TCP |
CIDR |
84.201.181.0/24 |
443 |
TCP |
CIDR |
178.176.128.0/24 |
443 |
TCP |
CIDR |
213.180.193.0/24 |
443 |
TCP |
CIDR |
213.180.204.0/24 |
7770-7800 |
TCP |
CIDR |
84.47.172.0/24 |
8443 |
TCP |
CIDR |
84.47.172.0/24 |
44445 |
TCP |
CIDR |
51.250.1.0/24 |
Assign the VM a public IP or use a route table that allows internet access via a NAT gateway or a custom router.
The VM's security group rules must allow access to the specified resources. You can add the rules to an existing security group or create a new group with the rules.
When ordering a server, select Automatically in the Public address field to assign a public IP address to the server.
Make sure the sever network settings do not block outgoing traffic to the specified resources.
VM connection statuses
You can view info on the status of a VM connection to Cloud Backup using the management console, on the VM list page in Compute Cloud. The following statuses are available:
Connected: Cloud Backup is connected to the VM, backups are being created under the specified policies, the Cloud Backup agent is online.No backup policy: Cloud Backup is connected, but no policies are set up, and backups are not being created.Failed: Agent is offline, or agent registration failed.Not connected: Cloud Backup is not connected to the VM.
You can view the VM connection status and learn more about the VM backup in the backup log.