Getting started with Yandex Cloud Backup
Cloud Backup is a service for creating backups and restoring Yandex Cloud resources and their data.
Create a Yandex Compute Cloud VM with Cloud Backup connection and link it to a backup policy.
For more information on the minimum required VM characteristics and supported operating systems, see Connecting Compute Cloud VMs to Cloud Backup.
To get started with Cloud Backup:
- Prepare your cloud.
- Create an infrastructure.
- Activate Cloud Backup.
- Create a VM.
- Link your VM to a backup policy.
If you no longer need the resources you created, delete them.
Note
Cloud Backup also supports Yandex BareMetal server backups. For details, see Connecting a BareMetal server to Cloud Backup.
BareMetal will be released at the Preview stage in Q4 2024.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost of VM backup resources includes:
- Fee for VM computing resources and disks (see Yandex Compute Cloud pricing).
- Fee for protected VMs and backup storage (see Yandex Cloud Backup pricing).
Create an infrastructure
Prepare a network
You can use an existing cloud network and subnet or create new ones.
Creating a cloud network with subnets
-
In the management console
, go to the folder you want to create a VM with a Cloud Backup connection in. -
In the list of services, select Virtual Private Cloud.
-
Click Create network.
-
In the Name field, enter a name for the network. The naming requirements are as follows:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Keep Create subnets enabled.
-
Click Create network.
For more information, see Creating a cloud network.
Configure the security group
You can use an existing security group or create a new one.
Creating a new security group
- In the management console
, go to the folder you want to create a VM with a Cloud Backup connection in. - In the list of services, select Virtual Private Cloud.
- In the left-hand panel, select
Security groups. - Click Create security group.
- Enter a name for the security group.
- In the Network field, select the network that the security group will refer to.
- Click Create.
Add VM outgoing traffic rules to the security group:
-
In the management console
, go to the folder you want to create a VM with a Cloud Backup connection in. -
In the list of services, select Virtual Private Cloud.
-
In the left-hand panel, select
Security groups. -
Next to the security group you want to add rules to, click
and select Edit. -
Under Rules, go to the Egress tab and click Add rule.
-
Add the following outgoing traffic rules one by one:
Port range Protocol Destination name CIDR blocks 80
TCP
CIDR
213.180.193.0/24
80
TCP
CIDR
213.180.204.0/24
443
TCP
CIDR
84.47.172.0/24
443
TCP
CIDR
84.201.181.0/24
443
TCP
CIDR
178.176.128.0/24
443
TCP
CIDR
213.180.193.0/24
443
TCP
CIDR
213.180.204.0/24
7770-7800
TCP
CIDR
84.47.172.0/24
8443
TCP
CIDR
84.47.172.0/24
44445
TCP
CIDR
51.250.1.0/24
-
Click Save.
For more information, see Creating a security group.
Set up a service account
-
In the management console
, select the folder you want to create a VM with a Cloud Backup connection in. -
In the list of services, select Identity and Access Management.
-
Click Create service account.
-
Enter a name for the service account. The name format requirements are as follows:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Click
Add role and select thebackup.editor
role. -
Click Create.
For more information, see Creating a service account.
Activate Cloud Backup
To activate the service, you need at least the backup.editor
role for the folder where you want to create a VM with a Cloud Backup connection.
-
In the management console
, select the folder you want to create a VM with a Cloud Backup connection in. -
In the list of services, select Cloud Backup.
-
If you have not activated Cloud Backup yet, click Activate.
If there is no Activate button, and you have access to creating a VM with a Cloud Backup connection, it means the service has already been activated. Proceed to the next step.
Create a VM
-
In the management console
, select the folder you want to create a VM with a Cloud Backup connection in. -
In the list of services, select Compute Cloud.
-
In the left-hand panel, select
Virtual machines. -
Click Create virtual machine.
-
Under Boot disk image, select one of the images with a supported operating system, e.g., Ubuntu 20.04.
-
Under Location, select an availability zone to place your VM in.
-
Under Disks and file storages and Computing resources, set the preferred VM parameters.
A VM's minimum configuration required to install and correctly run the Cloud Backup agent is as follows:
-
Free disk space:
- For Linux-based VMs: 2 GB.
- For Windows-based VMs: 1.2 GB.
-
RAM: For backups, 1 GB of RAM is required per TB of a backup. The amount of RAM used depends on the volume and type of data handled by the agent.
-
-
Under Network settings:
-
In the Subnet field, select the subnet you prepared earlier.
-
In the Public IP field, select
Auto
.Instead of assigning a public IP address to your VM, you can link the subnet hosting this VM to a route table allowing internet access via a NAT gateway or a custom router.
-
In the Security groups field, select the security group you configured earlier.
-
-
Under Access:
-
Select Access via OS Login to connect and manage access to the new VM using OS Login in Yandex Cloud Organization.
With OS Login, you can connect to VMs using SSH keys and SSH certificates via a standard SSH client or the Yandex Cloud CLI. OS Login allows you to rotate the SSH keys used to access the VM, providing the most secure access option.
-
If you prefer not to use OS Login, select SSH key and specify the following info for VM access:
-
Under Login, enter the username.
Alert
Do not use
root
or other usernames reserved by the OS. To perform operations requiring superuser permissions, use thesudo
command. -
In the SSH key field, select the SSH key saved in your organization user profile.
If there are no saved SSH keys in your profile, or you want to add a new key:
- Click Add key.
- Enter a name for the SSH key.
- Upload or paste the contents of the public key file. You need to create](../../../compute/operations/vm-connect/ssh.md#creating-ssh-keys) a key pair for the SSH connection to a VM yourself.
- Click Add.
The SSH key will be added to your organization user profile.
If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
-
If you want to add several users with SSH keys to the VM at the same time, specify these users' data under Metadata. You can also use metadata to install additional software on a VM when creating it.
In public Linux images provided by Yandex Cloud, the functionality of connecting over SSH using login and password is disabled by default.
-
-
Under General information, specify the VM name:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Under Additional:
- Select the service account you created earlier.
- Enable Cloud Backup.
- Optionally, select a backup policy or click Create to create a new one.
-
Click Create VM.
For more information, see Creating VMs.
Link your VM to a backup policy
When the VM switches to the Running
status, a Cloud Backup agent will start installing on it. This may take from 5 to 10 minutes.
-
Make sure the Cloud Backup agent has been installed:
Management console- In the management console
, select the folder the service is activated in. - In the list of services, select Compute Cloud.
- Select the appropriate VM.
- Check that the value of the Cloud Backup field in the Backups section is
Connected
.
Once you install the agent, the VM will be added to Cloud Backup in the
Virtual machines tab and you will be able to link it to a backup policy. If you selected a backup policy when creating the VM, then the VM is already linked to the policy and no further action is required.Note
If the Cloud Backup agent fails to install within 10 minutes, contact
support to diagnose the issue. - In the management console
-
Link your VM to a backup policy:
Management console- In the management console
, select the folder the service is activated in. - In the list of services, select Cloud Backup.
- Go to the
Backup policies tab. - Select one of the policies created by default.
- Under Virtual machines, click
Attach VM. - Select the VM from the list and click Attach.
You can also link your VM to a backup policy in Compute Cloud:
Management console- In the management console
, select the folder the service is activated in. - In the list of services, select Compute Cloud.
- Select the appropriate VM.
- Under Backups, click
in the Backup policies field. - Select one of the policies created by default and click Save.
- In the management console
How to delete the resources you created
To stop paying for the resources you created: