# Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup


If you want to back up your [Yandex Compute Cloud](../../compute/index.md) [instances](../../compute/concepts/vm.md) or [BareMetal servers](../../baremetal/concepts/servers.md) in Cloud Backup, you need them connected VM to the service and properly set up.

You can connect the following to Cloud Backup:
* VMs created from [supported Yandex Cloud Marketplace images](#os). The Cloud Backup agent is installed automatically on such VMs.
* VMs created from other images, if those images are supported by the Cyberprotect backup [provider](index.md#providers). You will need to [install the Cloud Backup agent on such VMs manually](#self-install).
* BareMetal servers running a [supported](#self-install) operating system. You can install the Cloud Backup agent on BareMetal servers either [manually](#self-install) or automatically when [ordering](../../baremetal/operations/servers/server-lease.md) a server.

For more information about connecting to Cloud Backup, see these [guides](../operations/index.md).

For the Cloud Backup connection to work correctly, link to the resource a [service account](#sa) (with the `backup.user` role or higher for the VM or the `baremetal.editor` and the `backup.user` roles or higher for the BareMetal server) and configure [network access](#vm-network-access).

{% note tip %}

You do not have to use a service account when creating a VM using the [management console](https://console.yandex.cloud). However, the user creating the VM must have the `backup.user` [role](../security/index.md#backup-user) or higher for the folder in which the VM is created.

{% endnote %}

After connecting to Cloud Backup, [add](../operations/policy-vm/attach-and-detach-vm.md#attach-vm) the VM or the BareMetal server to the [backup policy](policy.md).

{% note info %}

When initiating a backup, make sure the VM or BareMetal server is running.

{% endnote %}

You can also link a policy to a VM or BareMetal server when creating the VM/ordering the server. A policy is linked asynchronously after you create and initialize a VM/server and after you install and configure the Cloud Backup agent. This may take up to 10-15 minutes. For more information on automatic linking of policies to VMs, see [Associating a Yandex Cloud Backup policy to a VM automatically](../tutorials/vm-with-backup-policy/index.md).

## VM and BareMetal server specification requirements {#requirements}

The minimum VM and BareMetal server specification to install and correctly run the Cloud Backup agent is as follows:

* Free disk space:

  * For Linux-based VMs: 2 GB.
  * For Windows-based VMs: 1.2 GB.

* RAM: For backups, 1 GB of RAM is required per 1 TB of backup. The RAM requirement depends on the amount and type of data processed by the [Cloud Backup agent](agent.md).

{% note tip %}

Installing a Cloud Backup agent is a resource-intensive operation. If you want to use a VM in the minimum possible configuration or, for example, a VM with a [vCPU performance level](../../compute/concepts/performance-levels.md) below 100%, we recommend increasing the VM's resources during the Cloud Backup agent installation.

{% endnote %}

For faster data [backup](../operations/backup-vm/create.md) and [recovery](../operations/backup-vm/recover.md), the [Cloud Backup agent](agent.md) can consume significant amounts of RAM of the backed up resource, i.e., [virtual machine](../../compute/concepts/vm.md) or [BareMetal server](../../baremetal/concepts/servers.md). The agent can even use up all the available RAM, which in some cases may disrupt the resource's other services and make it impossible to complete the backup or recovery process.

To prevent such issues, [limit](../operations/limit-agent-memory-usage.md) the amount of data the agent caches in RAM.

{% note info %}

Limiting the Cloud Backup agent's use of RAM may slow down the backup and recovery operations.

{% endnote %}

## Supported file systems {#file-systems}

#|
|| **File system** | **OS** | **Restrictions** ||
||
**FAT16/32**,
**ext2/ext3/ext4**,
**NTFS**
| Linux, Windows | No limit ||
||
**JFS**,
**ReiserFS3**
| Linux 
|
* You cannot exclude files from a disk backup.
* Fast incremental or differential backup is not supported.
|| 
|| 
**ReiserFS4** | Linux 
|
* You cannot exclude files from a disk backup.
* Fast incremental/differential backup is not supported.
* You cannot resize volumes while restoring. 
|| 
||
**ReFS**,
**XFS**
| Linux, Windows 
|
* You cannot exclude files from a disk backup.
* Fast incremental/differential backup is not supported.
* You cannot resize volumes while restoring. 
||
|| **Linux SWAP**     | Linux | No limit ||
|| **exFAT**          | Linux, Windows 
|
* Only disk/volume backups are supported.
* You cannot exclude files from a backup.
* You cannot restore single files from a backup.
||
|# {wide-content}

## Supported Cloud Marketplace images with automatic installation of the Cloud Backup agent {#os}


On VMs and BareMetal servers , the Cloud Backup agent is available for automatic installation when you create your VM/order a server using the following Cloud Marketplace images:

### Linux-based images {#linux}

{% list tabs group=backup_resource_type %}

- VM {#vm}

  * [CentOS 7](https://yandex.cloud/en/marketplace/products/yc/centos-7)
  * [CentOS 7 OS Login](https://yandex.cloud/en/marketplace/products/yc/centos-7-oslogin)
  * [CentOS Stream](https://yandex.cloud/en/marketplace/products/yc/centos-stream-8)
  * [Debian 12](https://yandex.cloud/en/marketplace/products/yc/debian-12)
  * [Ubuntu 16.04 LTS](https://yandex.cloud/en/marketplace/products/yc/ubuntu-16-04-lts)
  * [Ubuntu 18.04 LTS](https://yandex.cloud/en/marketplace/products/yc/ubuntu-18-04-lts)
  * [Ubuntu 18.04 LTS OS Login](https://yandex.cloud/en/marketplace/products/yc/ubuntu-1804-lts-oslogin)
  * [Ubuntu 20.04 LTS](https://yandex.cloud/en/marketplace/products/yc/ubuntu-20-04-lts)
  * [Ubuntu 20.04 LTS OS Login](https://yandex.cloud/en/marketplace/products/yc/ubuntu-2004-lts-oslogin)
  * [Ubuntu 22.04 LTS](https://yandex.cloud/en/marketplace/products/yc/ubuntu-22-04-lts)
  * [Ubuntu 22.04 LTS OS Login](https://yandex.cloud/en/marketplace/products/yc/ubuntu-2204-lts-oslogin)
  * [Ubuntu 24.04 LTS](https://yandex.cloud/en/marketplace/products/yc/ubuntu-2404-lts-oslogin)

- BareMetal server {#baremetal-server}

  * CentOS 7
  * Debian 11
  * Ubuntu 18.04 LTS
  * Ubuntu 20.04 LTS
  * Ubuntu 22.04 LTS
  * Ubuntu 24.04 LTS

{% endlist %}

### Windows-based images {#windows}

{% list tabs group=backup_resource_type %}

- VM {#vm}

    * [Kosmos VM 2022 based on Windows Server Datacenter 2022](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosvm2022)
  * [Kosmos VM 2019 based on Windows Server Datacenter 2019](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosvm2019)
  * [Kosmos VM 2016 based on Windows Server Datacenter 2016](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosvm2016)
  * [Kosmos VM RDS (5 licenses)](https://yandex.cloud/en/marketplace/products/fotonsrv/kos-5-rds)
  * [Kosmos VM RDS (10 licenses)](https://yandex.cloud/en/marketplace/products/fotonsrv/kos-10-rds)
  * [Kosmos VM RDS (50 licenses)](https://yandex.cloud/en/marketplace/products/fotonsrv/kos-50-rds)
  * [Kosmos BD WEB 2019](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosbdweb2019)
  * [Kosmos BD Standard 2019](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosbdstd2019)
  * [Kosmos VM Visio Pro 2021](https://yandex.cloud/en/marketplace/products/fotonsrv/kosmosvisio)

  {% note info %}

  The OS must be installed from a public image (a Yandex Cloud Marketplace product). When creating a VM, you can select the OS directly or use an [image](../../compute/concepts/image.md) or [disk snapshot](../../compute/concepts/snapshot.md) of a different VM if its OS was also installed from a public image.

  {% endnote %}

{% endlist %}

### Unaided installation on a supported operating system {#self-install}

You can install the Cloud Backup agent yourself on a VM or BareMetal server:

{% list tabs group=backup_resource_type %}

- VM instance {#vm}

  * [Guide for Linux](../operations/connect-vm-linux.md)
  * [Guide for Windows](../operations/connect-vm-windows.md)

  For a complete list of supported operating systems, see the [backup provider documentation](https://docs.cyberprotect.ru/ru-RU/CyberBackupCloud/21.06/user/#supported-operating-systems-and-environments.html).

- BareMetal server {#baremetal-server}

  You can install the Cloud Backup agent on a server running one of these operating systems:

  * CentOS 7.
  * Debian 11.
  * Ubuntu 16.04 LTS.
  * Ubuntu 18.04 LTS.
  * Ubuntu 20.04 LTS.
  * Ubuntu 22.04 LTS.
  * Ubuntu 24.04 LTS.

  To install the agent on a server, follow this [guide on connecting a BareMetal server to Cloud Backup](../operations/backup-baremetal/backup-baremetal.md).

{% endlist %}

If you have issues installing the Cloud Backup agent, [contact](https://center.yandex.cloud/support) support.

### Updating the operating system kernel {#os-kernel-update}

Updating the Linux [kernel](https://en.wikipedia.org/wiki/Linux_kernel) on a VM or BareMetal server connected to Cloud Backup may affect the performance of the Cloud Backup agent: it will not be able to create a backup of the VM/server or recover the VM/server from a backup.

This may affect the agent’s performance, since the SnapAPI module (developed by the [backup provider](index.md#providers) for the agent to work with disks and built by the [DKMS framework](https://en.wikipedia.org/wiki/Dynamic_Kernel_Module_Support) for a specific Linux kernel) may not update after updating the kernel and may therefore cease to match the kernel version. 

To restore the Cloud Backup agent’s performance affected by a Linux kernel update, you need to update the version of the Linux kernel headers DKMS refers to when building the SnapAPI module. Once the kernel header version matches the kernel version, DKMS will rebuild the SnapAPI module for the required Linux kernel version at the next start of the VM or BareMetal server.

To update the Linux kernel header versions, follow these guides: [Restoring the Cloud Backup agent on a VM](../operations/update-backup-agent.md#restore-agent) and [Restoring the Cloud Backup agent on a BareMetal server](../operations/backup-baremetal/restore-agent.md).

## Service account {#sa}

{% note info %}

You do not have to use a service account when creating a VM using the [management console](https://console.yandex.cloud). However, the user creating the VM must have the `backup.user` [role](../security/index.md#backup-user) or higher for the folder in which the VM is created.

{% endnote %}

[Service account](../../iam/concepts/users/service-accounts.md) is a special account the Cloud Backup agent uses to get registered with the Cyberprotect provider.

When creating a VM you want to configure backups for in Cloud Backup, you need to link to it a service account with the [`backup.user`](../security/index.md#backup-user) role or higher.

When ordering a BareMetal server you want to configure backups for in Cloud Backup, you need to link to it a service account with the [`baremetal.editor`](../../baremetal/security/index.md#baremetal-editor) and [`backup.user`](../security/index.md#backup-user) roles or higher.

You can [assign the role](../../iam/operations/sa/assign-role-for-sa.md) to an existing service account or [create](../../iam/operations/sa/create.md) a new service account with required roles.

## Network access permissions {#vm-network-access}

For the Cloud Backup agent to be able to exchange data with the [backup provider](index.md#providers) servers, make sure the VM or BareMetal server has network access to the IP addresses of the Cloud Backup resources as per the table below:

{% list tabs group=traffic %}

- Outgoing traffic {#outgoing}

  Port range | Protocol | Destination name | CIDR blocks
  --- | --- | --- | ---
  `80` | `TCP` | `CIDR` | `213.180.193.0/24`
  `80` | `TCP` | `CIDR` | `213.180.204.0/24`
  `443` | `TCP` | `CIDR` | `84.47.172.0/24`
  `443` | `TCP` | `CIDR` | `84.201.181.0/24`
  `443` | `TCP` | `CIDR` | `178.176.128.0/24`
  `443` | `TCP` | `CIDR` | `213.180.193.0/24`
  `443` | `TCP` | `CIDR` | `213.180.204.0/24`
  `7770-7800` | `TCP` | `CIDR` | `84.47.172.0/24`
  `8443` | `TCP` | `CIDR` | `84.47.172.0/24`
  `44445` | `TCP` | `CIDR` | `51.250.1.0/24`
  
  
  
  {% note tip %}
  
  When installing the [Cloud Backup agent](agent.md) on your VM or BareMetal server, you might need to install missing software components from the internet. To do this, add the following outgoing traffic rule to the [security group](../../vpc/concepts/security-groups.md):
  * **Port range**: `0-65535`.
  * **Protocol**: `Any`.
  * **Destination name**: `CIDR`.
  * **CIDR blocks**: `0.0.0.0/0`.
  
  Once the Cloud Backup agent is installed, you can delete this rule.
  
  To access the VM over [SSH](../../compute/operations/vm-connect/ssh.md), add the following incoming traffic rule:
  * **Port range**: `22`.
  * **Protocol**: `Any`.
  * **Destination name**: `CIDR`.
  * **CIDR blocks**: `0.0.0.0/0`.
  
  {% endnote %}

{% endlist %}

To provide network access:
{#provide-access}

{% list tabs group=backup_resource_type %}

- VM {#vm}

  [Assign](../../compute/operations/vm-control/vm-attach-public-ip.md) the VM a public IP or use a [route table](../../vpc/concepts/routing.md#rt-vm) that allows internet access via a [NAT gateway](../../vpc/concepts/gateways.md) or a custom router.

  The VM's [security group](../../vpc/concepts/security-groups.md) rules must allow access to the specified resources. You can [add the rules](../../vpc/operations/security-group-add-rule.md) to an existing security group or [create](../../vpc/operations/security-group-create.md) a new group with the rules.

- BareMetal server {#baremetal-server}

  When [ordering a server](../../baremetal/operations/servers/server-lease.md), select `From ephemeral subnet` or `From a dedicated subnet` in the **Public address** field to assign a public IP address to the server.

  Make sure the sever network settings do not block outgoing traffic to the specified resources.

{% endlist %}

## Connection statuses {#statuses}

{% list tabs group=backup_resource_type %}

- VM {#vm}

  You can view info on the status of a VM connection to Cloud Backup using the [management console](https://console.yandex.cloud), on the VM list page in **Compute Cloud**. The following statuses are available:
  
  * `Connected`: Cloud Backup is connected to the VM, backups are being created under the specified policies, the Cloud Backup agent is online.
  * `No backup policy`: Cloud Backup is connected, but no policies are set up, and backups are not being created.
  * `Failed`: Agent is offline, or agent registration failed.
  * `Not connected`: Cloud Backup is not connected to the VM.
  
  You can [view](../operations/get-journal.md) the VM connection status and [learn](../operations/get-connection-status.md) more about the VM backup in the backup log.

- BareMetal server {#baremetal-server}

  You can view the server connection to Cloud Backup status info in the [management console](https://console.yandex.cloud) on the server list page in **BareMetal**. The following statuses are available:

  * `Connected`: Cloud Backup is connected to the server, backups are being created as per the specified policies, the Cloud Backup agent is online.
  * `No backup policy`: Cloud Backup is connected, but there are no associated policies; no backups are being created.
  * `Failed`: Agent is offline, or agent registration failed.
  * `Not connected`: Cloud Backup is not connected to the server.

{% endlist %}

## Use cases {#examples}

* [Connecting a Yandex BareMetal server to Cloud Backup](../tutorials/backup-baremetal.md)
* [Associating a Yandex Cloud Backup policy to a VM automatically](../tutorials/vm-with-backup-policy/index.md)