[Yandex Cloud documentation](../../index.md) > [Yandex BareMetal](../index.md) > [Tutorials](index.md) > Connecting an existing BareMetal server to Cloud Backup

# Connecting a BareMetal server to Yandex Cloud Backup

# Connecting an existing Yandex BareMetal server to Yandex Cloud Backup


You can connect an existing [BareMetal server](../concepts/servers.md) to Cloud Backup and configure backups of its data.

For more information about connecting a BareMetal server to Cloud Backup when ordering it, see [Leasing a Yandex BareMetal server connected to Cloud Backup](../../backup/operations/backup-baremetal/lease-server-with-backup.md).

For more information on managing BareMetal servers, see [Step-by-step guides for Yandex BareMetal](../operations/index.md).

Connecting to Cloud Backup is supported for servers running the following operating systems: {#os-support}

* CentOS 7.
* Debian 11.
* Ubuntu 16.04 LTS.
* Ubuntu 18.04 LTS.
* Ubuntu 20.04 LTS.
* Ubuntu 22.04 LTS.
* Ubuntu 24.04 LTS.

To connect an existing server to Cloud Backup:
1. [Get your cloud ready](#before-you-begin).
1. [Create a service account](#prepare-service-account).
1. [Activate Cloud Backup](#activate-provider).
1. [Lease a test server](#server-lease).
1. [Connect to the server](#server-connect).
1. [Install the Cloud Backup agent](#agent-install).
1. [Associate the server with a backup policy](#assign-policy).
1. [Run the backup process](#execute-policy).
1. [Restore your server from the backup](#server-recovery).

See also [How to cancel a lease and delete resources](#clear-out).

## Get your cloud ready {#before-you-begin}

Sign up for Yandex Cloud and create a [billing account](../../billing/concepts/billing-account.md):
1. Navigate to the [management console](https://console.yandex.cloud) and log in to Yandex Cloud or create a new account.
1. On the **[Yandex Cloud Billing](https://center.yandex.cloud/billing/accounts)** page, make sure you have a billing account linked and it has the `ACTIVE` or `TRIAL_ACTIVE` [status](../../billing/concepts/billing-account-statuses.md). If you do not have a billing account, [create one](../../billing/quickstart/index.md) and [link](../../billing/operations/pin-cloud.md) a cloud to it.

If you have an active billing account, you can create or select a [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) for your infrastructure on the [cloud page](https://console.yandex.cloud/cloud).

[Learn more about clouds and folders here](../../resource-manager/concepts/resources-hierarchy.md).

### Required paid resources {#paid-resources}

The infrastructure support cost includes:
* Server lease fee (see [Yandex BareMetal pricing](../pricing.md)).
* Fee for the BareMetal server connected to Cloud Backup and the backup size (see [Yandex Cloud Backup pricing](../../backup/pricing.md)).

Traffic transmitted between Yandex BareMetal and [Yandex Cloud Backup](../../backup/index.md) is free of charge.

## Create a service account {#prepare-service-account}

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder where you want to lease a BareMetal server.
  1. Navigate to **Identity and Access Management**.
  1. Click **Create service account**.
  1. Enter a name for the [service account](../../iam/concepts/users/service-accounts.md). The naming requirements are as follows:

      * Length: between 3 and 63 characters.
      * It can only contain lowercase Latin letters, numbers, and hyphens.
      * It must start with a letter and cannot end with a hyphen.

  1. Click ![plus-sign](../../_assets/console-icons/plus.svg) **Add role** and [assign](../../iam/operations/sa/assign-role-for-sa.md) the `backup.user` or higher and `baremetal.editor` roles to the service account.
  1. Click **Create**.
  1. Select the service account you created by clicking the row with its name.
  1. In the top panel, click **Create new key**.
  1. Select **Create authorized key**.
  1. Select an encryption algorithm and click **Create**.
  1. In the window that opens, click **Download file with keys** and then click **Close**.

  You will need the authorized key of the service account in the later steps.

{% endlist %}

## Activate Cloud Backup {#activate-provider}

To activate Cloud Backup, you need _at least_ the `backup.editor` [role](../../backup/security/index.md#backup-editor) for the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to lease a server and connect it to Cloud Backup.

When you enable the service, the backup provider starts. For more information about the backup provider and data sent to it, see [Service activation and backup provider](../../backup/concepts/index.md#providers).

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder where you want to lease a server and connect it to Cloud Backup.
  1. Navigate to **Cloud Backup**.
  1. If you have not activated Cloud Backup yet, click **Activate**.

      If there is no **Activate** button, Cloud Backup is already activated. Proceed to the next step.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).
  
  The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
  
  1. View the description of the [CLI](../../cli/index.md) command to activate the service:
  
     ```bash
     yc backup provider activate --help
     ```
  
  1. Activate the service in the default folder:
  
     ```bash
     yc backup provider activate --async
     ```
  
     Where `--async` displays the operation progress info. This is an optional parameter.
  
  1. Once you execute the command, you will get the activation warning: `This command will activate backup provider for your folder. Do you confirm this action to be executed? [Yes/no][y/N]`. Confirm the activation by typing `yes` or `y` in the terminal.
  
     {% note tip %}
  
     Use the `--force` flag to activate the service without a confirmation.
  
     {% endnote %}
  
     Result:
  
     ```text
     id: cdgmnefxiatx********
     description: activate provider
     created_at: "2024-10-14T09:03:47.960564Z"
     created_by: ajec1gaqcmtr********
     modified_at: "2024-10-14T09:03:47.960564Z"
     done: true
     metadata:
       '@type': type.googleapis.com/yandex.cloud.backup.v1.ActivateProviderMetadata
       folder_id: b1go3el0d8fs********
     response:
       '@type': type.googleapis.com/google.protobuf.Empty
       value: {}
     ```
  
  After activation, the system automatically creates the following backup policies:
  * `Default daily`: Daily incremental backup with the last 15 backups retained.
  * `Default weekly`: Weekly incremental backup with the last 15 backups retained.
  * `Default monthly`: Monthly incremental backup with the last 15 backups retained.
  
  If you prefer not to create them, use the `--skip-default-policy` parameter.

{% endlist %}

After activation, the system automatically creates the following backup policies:
* `Default daily`: Daily incremental backup with the latest 15 backups retained.
* `Default weekly`: Weekly incremental backup with the latest 15 backups retained.
* `Default monthly`: Monthly incremental backup with the latest 15 backups retained.

## Lease a test server {#server-lease}

If you are already leasing a server with an [appropriate OS](#os-support), proceed to [Connect to the server](#server-connect). Make sure to check the [network permissions](#ip-access) you need to configure on the server.

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to lease a server.
  1. Navigate to **BareMetal**.
  1. Click **Lease server** and in the window that opens, select `Stock configurations` and a suitable BareMetal server [configuration](../concepts/server-configurations.md).
     
     To select the suitable server configuration, click the section with its name in the central part of the screen.
     
     {% note info %}
     
     To quickly find the right configuration, you can use the filter with the hardware characteristics of the configurations on the right side of the screen.
     
     {% endnote %}
     
     {% note tip %}
     
     You can reduce the cost of renting a server in some configurations by ordering server [assembly](../concepts/server-custom-configurations.md#assembly).
     
     To use the discount, hover over **Cheaper with assembly** ![circle-info.svg](../../_assets/console-icons/circle-info.svg) under the configuration at hand and click ![person-nut-hex.svg](../../_assets/console-icons/person-nut-hex.svg) **Go to assembly** in the pop-up window.
     
     When ordering a server with assembly, follow the steps below to configure the server properties. In this case, the server will not be available immediately, but only after the assembly is completed (within four calendar days), and at a lower price.
     
     {% endnote %}
  1. Under **Configuration**, **Location**, and **Lease conditions**, make sure the server configuration you have provided so far is adequate.
     
     If not, click ![arrow-left](../../_assets/console-icons/arrow-left.svg) under **Configuration** to return to configuration setup.
  1. In the **Lease duration** field, select the [lease period](../concepts/servers.md#server-lease): `1 day`, `1 month`, `3 months`, `6 months`, or `1 year`.
     
     When this period expires, server lease will automatically be renewed for the same period. You cannot terminate the lease during the specified lease period, but you can [refuse](../operations/servers/server-lease-cancel.md) to extend the server lease further.
  1. In the **Number of servers** field, keep `1`.
  1. Under **Image**, select `Marketplace` and an [OS supported by Cloud Backup](#os-support).
  1. Optionally, under **Disk**, configure [disk](../concepts/disks/disk-types.md) partitioning:
     
     1. Click **Configure disk layout**.
     1. Specify partition settings. To create a new partition, click ![icon](../../_assets/console-icons/plus.svg) **Add partition**.
     
         To configure [RAID](../concepts/disks/raid.md) arrays and disk partitions by yourself, click **Remove RAID**.
     1. Click **Save**.

        {% note info %}
        
        The disk partitioning parameters are vital to have your server restored from a backup later on. For more information, see [Restoring a VM or Yandex BareMetal server from a backup](../../backup/operations/backup-vm/recover.md).
        
        {% endnote %}

  1. Under **Network interfaces**, in the **Interface 1** section, select a [private subnet](../concepts/private-network.md#private-subnet) in the [availability zone](../../overview/concepts/geo-scope.md) you are renting the server in.
     
     If the server’s availability zone does not have a private subnet yet, or you want to create a new private subnet, click **Create** and, in the window that opens, specify subnet settings as described in [Creating a private subnet](../operations/subnet-create.md).
  1. Under **Network interfaces**, in the **Interface 1** section:
     
     * In the **Public address** field, select a public IP address assignment method:
     
         * `From ephemeral subnet`: Assign a random IP address. If you need to get the IP address when creating a server via a request to a DHCP server, enable **Assign via DHCP**.
     
         * `From a dedicated subnet`: To assign an IP address from the range of addresses of a [dedicated public subnet](../concepts/public-network.md#public-subnet).
         
             In the field that opens, select a public subnet or click **Order** to [order](../operations/reserve-public-subnet.md) a new one.
         
             {% note warning %}
         
             The dedicated public subnet [does not have](../concepts/dhcp.md#dhcp-public-subnet) a DHCP server; therefore, on the network interface of the server connected to such subnet, you should manually configure a static IP address from the subnet’s range of available public IP addresses and specify the default gateway address.
         
             {% endnote %}
     
     * In the **Bandwidth** field, select a [server bandwidth](../concepts/network-restrictions.md#bandwidth-for-pubic-network) package. Available bandwidth packages:
       
       * `10 TB per day, connection capacity, 1 Gbit/s`
       * `100 TB per day, connection capacity, 10 Gbit/s`
       
       {% note info %}
       
       You can select a bandwidth package only for configurations with a public IP address and network cards of 10 Gbps or higher.
       
       You can reduce the connection capacity to 10 TB per day only as early as 24 hours after the server lease starts.
       
       {% endnote %}
     
     For the [Cloud Backup](../../backup/concepts/agent.md) agent to exchange data with the [backup provider](../../backup/concepts/index.md#providers) servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table: {#ip-access}
     
     Port range | Protocol | Destination name | CIDR blocks
     --- | --- | --- | ---
     `80` | `TCP` | `CIDR` | `213.180.193.0/24`
     `80` | `TCP` | `CIDR` | `213.180.204.0/24`
     `443` | `TCP` | `CIDR` | `84.47.172.0/24`
     `443` | `TCP` | `CIDR` | `84.201.181.0/24`
     `443` | `TCP` | `CIDR` | `178.176.128.0/24`
     `443` | `TCP` | `CIDR` | `213.180.193.0/24`
     `443` | `TCP` | `CIDR` | `213.180.204.0/24`
     `7770-7800` | `TCP` | `CIDR` | `84.47.172.0/24`
     `8443` | `TCP` | `CIDR` | `84.47.172.0/24`
     `44445` | `TCP` | `CIDR` | `51.250.1.0/24`
     
     
     
     {% note tip %}
     
     When installing the [Cloud Backup agent](../../backup/concepts/agent.md) on your VM or BareMetal server, you might need to install missing software components from the internet. To do this, add the following outgoing traffic rule to the [security group](../../vpc/concepts/security-groups.md):
     * **Port range**: `0-65535`.
     * **Protocol**: `Any`.
     * **Destination name**: `CIDR`.
     * **CIDR blocks**: `0.0.0.0/0`.
     
     Once the Cloud Backup agent is installed, you can delete this rule.
     
     To access the VM over [SSH](../../compute/operations/vm-connect/ssh.md), add the following incoming traffic rule:
     * **Port range**: `22`.
     * **Protocol**: `Any`.
     * **Destination name**: `CIDR`.
     * **CIDR blocks**: `0.0.0.0/0`.
     
     {% endnote %}
  1. Under **Access**:

      1. In the **Password** field, select one of the following options to create a root password:
      
          * To generate a new root password, select `New password` and click **Generate**.
      
              {% note warning %}
              
              This option requires you to maintain password security. Save the password you generated in a secure location. Yandex Cloud does not store it, and you will not be able to retrieve it once the server is deployed.
              
              {% endnote %}
      
          * To use the root password saved in a Yandex Lockbox [secret](../../lockbox/concepts/secret.md), select `Lockbox secret`.
      
              In the **Name**, **Version**, and **Key** fields, select the secret containing your password, its version, and its key, respectively.
              
              If you do not have a Yandex Lockbox secret, click **Create** to create it.
      
              Choose the `Custom` secret type to specify a custom password or `Generated` to generate password automatically.
      
      1. In the **Public SSH key** field, select the SSH key saved in your [organization user](../../organization/concepts/membership.md) profile.
      
          If there are no SSH keys in your profile or you want to add a new key:
          
          1. Click **Add key**.
          1. Enter a name for the SSH key.
          1. Select one of the following:
          
              * `Enter manually`: Paste the contents of the public SSH key. You need to [create](../../compute/operations/vm-connect/ssh.md#creating-ssh-keys) an SSH key pair on your own.
              * `Load from file`: Upload the public part of the SSH key. You need to create an SSH key pair on your own.
              * `Generate key`: Automatically create an SSH key pair.
              
                When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the `/home/<user_name>/.ssh` directory. In Windows, unpack the archive to the `C:\Users\<user_name>/.ssh` directory. You do not need additionally enter the public key in the management console.
          
          1. Click **Add**.
          
          The system will add the SSH key to your organization user profile. If the organization has [disabled](../../organization/operations/os-login-access.md) the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.

  1. Under **Server information**:
     
       1. Specify the server name in the **Name** field. Follow these naming requirements:
     
           * Length: between 3 and 63 characters.
           * It can only contain lowercase Latin letters, numbers, and hyphens.
           * It must start with a letter and cannot end with a hyphen.
     
       1. Optionally, add a server description in the **Description** field.
       1. Optionally, set [labels](../../resource-manager/concepts/labels.md) in the **Labels** field.
  1. Click **Lease server**.

- CLI {#cli}

  1. View the description of the command for leasing a server:
     
     ```bash
     yc baremetal server create --help
     ```

  1. Get a list of configurations:
     
     ```bash
     yc baremetal configuration list
     ```
     
     Approximate result:
     
     ```text
     +----------------------+---------------------+-----------+--------------------------------+--------------------------------+-------------------------+---------+
     |          ID          |        NAME         | MEMORYGIB |              CPU               |          DISK DRIVES           | NETWORK BMANDWIDTH GBPS | CPU NUM |
     +----------------------+---------------------+-----------+--------------------------------+--------------------------------+-------------------------+---------+
     | ly577w5sepew******** | LA-i108-S-1/10G     |        32 | physical cores: 4, mhz: 2400,  | [ type: SSD count: 2 size_gib: |                      10 |       1 |
     |                      |                     |           | name: Xeon D-1521, vendor:     | 838 ]                          |                         |         |
     |                      |                     |           | Intel                          |                                |                         |         |
     | ly5tdlrmwezt******** | LA-i107-S-1/10G     |        16 | physical cores: 4, mhz: 2400,  | [ type: SSD count: 2 size_gib: |                      10 |       1 |
     |                      |                     |           | name: Xeon D-1521, vendor:     | 838 ]                          |                         |         |
     |                      |                     |           | Intel                          |                                |                         |         |
     | ly527jeaz2nb******** | BA-i202-S           |       128 | physical cores: 8, mhz: 2600,  | [ type: SSD count: 2 size_gib: |                       1 |       2 |
     |                      |                     |           | name: Xeon E5-2650V2, vendor:  | 838 ]                          |                         |         |
     |                      |                     |           | Intel                          |                                |                         |         |
     ...
     ...
     | ly52arjxxbl3******** | LA-i114-S           |        64 | physical cores: 8, mhz: 2200,  | [ type: SSD count: 2 size_gib: |                       1 |       2 |
     |                      |                     |           | name: Xeon E5-2660, vendor:    | 838 ]                          |                         |         |
     |                      |                     |           | Intel                          |                                |                         |         |
     +----------------------+---------------------+-----------+--------------------------------+--------------------------------+-------------------------+---------+
     ```

  1. Lease a server:
     
     ```bash
     yc baremetal server create \
       --hardware-pool-id <pool> \
       --configuration-id <configuration_ID> \
       --storage "partition={type=<file_system>,size-gib=<partition_size>,mount-point=<mount_point>},raid-type=<RAID array level>,disk={id=<disk_number>,size-gib=<disk_size>,type=<disk_type>}" \
       --os-settings "image-id=<image_ID>,image-name=<image_name>,ssh-key-public=<public_SSH_key_contents>,ssh-key-user-id=<SSH_key_user_ID>,password-plain-text=<user_password>,password-lockbox-secret={secret-id=<secret_ID>,version-id=<secret_version>,key=<secret_key>}" \
       --rental-period-id <lease_period> \
       --network-interfaces private-subnet-id=<private_subnet_ID> \
       --network-interfaces public-subnet-id=<public_subnet_ID> \
       --name <server_name> \
       --description "<server_description>" \
       --labels <label_key>=<label_value>
     ```

      Where:
      * `--hardware-pool-id`: [Pool](../concepts/servers.md#server-pools) to lease a server from.
      * `--configuration-id`: [Server configuration](../concepts/server-configurations.md) ID.
      * `--storage`: [Disk](../concepts/disks/disk-types.md) partitioning settings. This is an optional setting. Possible settings:
        
        * `partition`: Disk partition:
          
          * `type`: File system. The possible values are `Ext3`, `Ext4`, `Swap`, or `Xfs`.
          * `size-gib`: Partition size in GB.
          * `mount-point`: Mount point.
        
        * `disk`: Disk:
          
          * `id`: Disk number.
          * `size-gib`: Disk size in GB.
          * `type`: Disk type.
        * `raid-type`: [RAID array level](../concepts/disks/raid.md#levels).

        {% note info %}
        
        The disk partitioning parameters are vital to have your server restored from a backup later on. For more information, see [Restoring a VM or Yandex BareMetal server from a backup](../../backup/operations/backup-vm/recover.md).
        
        {% endnote %}

      * `--os-settings`: OS settings. To lease a server without an operating system, skip this parameter. Possible settings:
        
        * `image-id`: ID of an available Yandex Cloud Marketplace public OS [image](../concepts/images.md#marketplace-images).
        * `image-name`: Name of one of the available Yandex Cloud Marketplace public OS images.
        * `ssh-key-public`: Public SSH key contents. You will need to [create](../../compute/operations/vm-connect/ssh.md#creating-ssh-keys) your own SSH key pair to establish a secure server connection.
        * `ssh-key-user-id`: SSH key user ID.
        * `password-plain-text`: Root user's password.
        
          {% note warning %}
          
          This option requires you to maintain password security. Save the password you generated in a secure location. Yandex Cloud does not store it, and you will not be able to retrieve it once the server is deployed.
          
          {% endnote %}
        
        * `password-lockbox-secret`: Yandex Lockbox [secret](../../lockbox/concepts/secret.md):
          * `secret-id`: Secret ID.
          * `version-id`: Secret version.
          * `key`: Secret key.

        You can [install](../operations/servers/reinstall-os-from-own-image.md) the OS from a [custom ISO image](../concepts/images.md#user-images) later.

      * `--rental-period-id`: Server lease period. The possible values are `1 day`, `1 month`, `3 months`, `6 months` or `1 year`.

        When this period expires, server lease will automatically be renewed for the same period. You cannot terminate the lease during the specified lease period, but you can [refuse](../operations/servers/server-lease-cancel.md) to extend the server lease further.

      * `--network-interfaces`: Network settings:
        
        * `private-subnet-id`: [Private subnet](../concepts/private-network.md#private-subnet) ID.
        * `public-subnet-id`: [Dedicated public subnet](../concepts/public-network.md#public-subnet) ID. This is an optional parameter.

          {% note warning %}

          The dedicated public subnet [does not have](../concepts/dhcp.md#dhcp-public-subnet) a DHCP server; therefore, on the network interface of the server connected to such subnet, you should manually configure a static IP address from the subnet’s range of available public IP addresses and specify the default gateway address.

          {% endnote %}

          For the [Cloud Backup](../../backup/concepts/agent.md) agent to exchange data with the [backup provider](../../backup/concepts/index.md#providers) servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table: {#ip-access}

          Port range | Protocol | Destination name | CIDR blocks
          --- | --- | --- | ---
          `80` | `TCP` | `CIDR` | `213.180.193.0/24`
          `80` | `TCP` | `CIDR` | `213.180.204.0/24`
          `443` | `TCP` | `CIDR` | `84.47.172.0/24`
          `443` | `TCP` | `CIDR` | `84.201.181.0/24`
          `443` | `TCP` | `CIDR` | `178.176.128.0/24`
          `443` | `TCP` | `CIDR` | `213.180.193.0/24`
          `443` | `TCP` | `CIDR` | `213.180.204.0/24`
          `7770-7800` | `TCP` | `CIDR` | `84.47.172.0/24`
          `8443` | `TCP` | `CIDR` | `84.47.172.0/24`
          `44445` | `TCP` | `CIDR` | `51.250.1.0/24`
          
          
          
          {% note tip %}
          
          When installing the [Cloud Backup agent](../../backup/concepts/agent.md) on your VM or BareMetal server, you might need to install missing software components from the internet. To do this, add the following outgoing traffic rule to the [security group](../../vpc/concepts/security-groups.md):
          * **Port range**: `0-65535`.
          * **Protocol**: `Any`.
          * **Destination name**: `CIDR`.
          * **CIDR blocks**: `0.0.0.0/0`.
          
          Once the Cloud Backup agent is installed, you can delete this rule.
          
          To access the VM over [SSH](../../compute/operations/vm-connect/ssh.md), add the following incoming traffic rule:
          * **Port range**: `22`.
          * **Protocol**: `Any`.
          * **Destination name**: `CIDR`.
          * **CIDR blocks**: `0.0.0.0/0`.
          
          {% endnote %}

      * `--name`: Server name.
      * `--description`: Server description. This is an optional parameter.
      * `--labels`: Server labels. This is an optional parameter.

- API {#api}

  To rent a test server, use the [create](../api-ref/Server/create.md) REST API method for the [Server](../api-ref/Server/index.md) resource or the [ServerService/Create](../api-ref/grpc/Server/create.md) gRPC API call.

{% endlist %}

Save the server name and ID, as you will need them later.

For more information on leasing a server, see [this BareMetal guide](../operations/servers/server-lease.md).

## Connect to the server {#server-connect}

{% list tabs group=operating_system %}

- KVM console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder containing your server.
  1. Navigate to **BareMetal**.
  1. Find the server you need, click ![image](../../_assets/console-icons/ellipsis.svg) in its row, and select **Start KVM console**.
  1. In the window that opens, click **KVM console**.

- Linux/macOS {#linux-macos}

  To establish a server connection, specify the server public IP address which you can get using the management console, in the **Public address** field under **Network settings** on the server page.

  1. In the terminal, run this command:

      ```bash
      ssh root@<server_public_IP_address>
      ```

      If this is your first time connecting to the server, you will get this unknown host warning:

      ```text
      The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
      ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
      This key is not known by any other names.
      Are you sure you want to continue connecting (yes/no/[fingerprint])?
      ```

  1. Type `yes` into the terminal and press **Enter**.
  1. Enter the password you specified when creating the server and press **Enter**.

- Windows 10/11 {#windows}

  To establish a server connection, specify the server public IP address which you can get using the management console, in the **Public address** field under **Network settings** on the server page.

  Make sure the Windows account has read access to the key folder.

  1. To connect to the server, run the following command in the command line:

      ```shell
      ssh root@<server_public_IP_address>
      ```

      If this is your first time connecting to the server, you will get this unknown host warning:

      ```text
      The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
      ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
      Are you sure you want to continue connecting (yes/no/[fingerprint])?
      ```

  1. Type `yes` into the terminal and press **Enter**.
  1. Enter the password you specified when creating the server and press **Enter**.

{% endlist %}

## Install the Cloud Backup agent {#agent-install}

1. Copy the file with the service account's authorized key [you created earlier](#prepare-service-account) to the server. To do this, run the following command _on the local machine_:

    ```bash
    scp <path_to_authorized_key_file_on_local_machine> \
    root@<server_public_IP_address>:<absolute_path_to_folder_on_server>
    ```

1. Install the [Yandex Cloud CLI](../../cli/index.md) by running this command _on the server_:

    ```bash
    curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
    ```

1. Install the required packages and utilities:

    {% list tabs group=operating_system %}

    - Debian/Ubuntu {#ubuntu}

      ```bash
      apt update && apt install -y jq
      ```

    - CentOS {#centos}

      ```bash
      yum install epel-release -y && \
      yum update -y && \
      yum install jq -y && \
      yum install wget -y
      ```

    {% endlist %}

1. Authenticate in the Yandex Cloud CLI using service account credentials:

    ```bash
    yc config set service-account-key <absolute_path_to_authorized_key>
    ```

1. Get an [IAM token](../../iam/concepts/authorization/iam-token.md):

    ```bash
    yc iam create-token
    ```

1. Install the Cloud Backup agent, specifying the service account IAM token you got earlier:

    ```bash
    wget https://storage.yandexcloud.net/backup-distributions/agent_installer_bms.sh && \
    sudo bash ./agent_installer_bms.sh \
    -t=<IAM_token>
    ```

    Wait until you see the message confirming Cloud Backup agent registration:

    ```text
    ...
    Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********
    ```

## Associate the server with a backup policy {#assign-policy}

You can create backups in Cloud Backup only as part of a [backup policy](../../backup/concepts/policy.md). By default, BareMetal servers are not associated with any policy.

To associate a server with a backup policy:

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder where you want to associate a server with a backup policy.
  1. Navigate to **Cloud Backup**.
  1. In the left-hand panel, select ![policies](../../_assets/console-icons/calendar.svg) **Backup policies**.
  1. Select the policy to associate your server with.
  
      [Create](../../backup/operations/policy-vm/create.md) a new backup policy as needed.
  1. Under **Attached resources**, click ![image](../../_assets/console-icons/plus.svg) **Attach a VM**.
  1. In the window that opens, select the **BareMetal servers** tab and select the server from the list.
  1. Click **Attach**.

- CLI {#cli}

  1. See the description of the CLI command for associating a BareMetal server with a backup policy: 

      ```bash
      yc backup policy apply --help
      ```

  1. Get the ID of the policy you want to associate your server with:

      ```bash
      yc backup policy list
      ```
      
      Result:
      
      ```text
      +----------------------+----------------------+---------+---------+---------------------+---------------------+
      |          ID          |      FOLDER ID       |  NAME   | ENABLED |     CREATED AT      |     UPDATED AT      |
      +----------------------+----------------------+---------+---------+---------------------+---------------------+
      | abc7n3wln123******** | ghi681qpe789******** | policy1 | true    | 2023-07-03 09:12:02 | 2023-07-03 09:12:43 |
      | deflqbiwc456******** | ghi681qpe789******** | policy2 | true    | 2023-07-07 14:58:23 | 2023-07-07 14:58:23 |
      +----------------------+----------------------+---------+---------+---------------------+---------------------+
      ```

      [Create](../../backup/operations/policy-vm/create.md) a new backup policy as needed.

  1. Get the ID of the server to associate. To do this, go to the relevant [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) in the [management console](https://console.yandex.cloud) and select **BareMetal** from the list of services. The IDs are specified in the server list, the **ID** field.

  1. Associate the server with the backup policy, specifying the policy ID:

      ```bash
      yc backup policy apply <policy_ID> \
        --instance-ids <server_ID>
      ```

      Where `--instance-ids` is the ID of the BareMetal server being associated with the policy.

  For more information about this command, see the [CLI reference](../../cli/cli-ref/backup/cli-ref/policy/apply.md).

{% endlist %}

## Run the backup process {#execute-policy}

{% note info %}

If you are using [LVM](https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)) to manage the disk space of the protected resource, learn [how to restore](../../backup/concepts/backup.md#lvm) resources with LVM in Cloud Backup.

{% endnote %}

To start a BareMetal server backup outside the backup policy schedule:

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder containing your backup policy.
  1. Navigate to **Cloud Backup**.
  1. In the left-hand panel, select ![bms](../../_assets/console-icons/objects-align-justify-horizontal.svg) **BareMetal servers**.
  1. Find the server you need, click ![options](../../_assets/console-icons/ellipsis.svg) in its row, and select **Create backup**.
  1. In the window that opens, select the backup policy for creating the backup and click **Create**.

  Cloud Backup will start creating a backup of the BareMetal server. You can see the progress in the relevant server row in the **Server status** field.

- CLI {#cli}

  Run this command, specifying the backup policy and server IDs:

  ```bash
  yc backup policy execute \
    --id <policy_ID> \
    --instance-id <server_ID>
  ```

  Wait for the operation to complete.

  You can also run this command in asynchronous mode using the `--async` parameter and track the backup process using the [yc backup resource list-tasks](../../cli/cli-ref/backup/cli-ref/vm/list-tasks.md) command.

{% endlist %}

## Restore your server from the backup {#server-recovery}

{% note info %}

You can restore neither a VM backup to a BareMetal server, nor a BareMetal server backup to a VM.

{% endnote %}

If you need to restore one server's backup to another server, or if the OS has been reinstalled on the source server, [reinstall](#agent-install) the Cloud Backup agent on that server.

To avoid errors when recovering from a backup, start by comparing the parameters of the disks and partitions of the backup against those of the [VM](../../compute/concepts/vm.md) or Yandex BareMetal [server](../concepts/servers.md). For more information, see [Viewing the parameters of backup disks and partitions](../../backup/operations/backup-vm/view-disk-layout.md).

{% note tip %}

If the server used a RAID array, we recommend restoring the backup to a server with a similar partition configuration. We also recommend that you make the partitions at least as large as on the source server.

{% endnote %}

To restore your server from a backup:

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder containing the backup.
  1. Navigate to **Cloud Backup**.
  1. In the left-hand panel, select ![backups](../../_assets/console-icons/archive.svg) **Backups** and open the **BareMetal servers** tab.
  1. Next to the backup you need to restore your BareMetal server from, click ![image](../../_assets/console-icons/ellipsis.svg) and select **Recover BareMetal server**.
  1. In the window that opens, select the server used to create the selected backup. This server will be marked in the list as `(current)`.
  1. Click **Restore**.

  This will start the BareMetal server restoration from the backup. Wait for it to complete.

- CLI {#cli}

  1. Get a list of backups for the server, specifying its ID:

      ```bash
      yc backup backup list \
        --instance-id <server_ID>
      ```

      Save the backup `ID`.

  1. Restore your server from the backup, specifying their IDs:

      ```bash
      yc backup backup recover \
        --destination-instance-id="<server_ID>" \
        --source-backup-id="<backup_ID>"
      ```

      The recovery of your BareMetal server will start. Wait for it to complete.

      You can also run this command in asynchronous mode using the `--async` parameter and track the backup process using the [yc backup resource list-tasks](../../cli/cli-ref/backup/cli-ref/vm/list-tasks.md) command.

      For more information about the `yc backup backup recover` command, see the [CLI reference](../../cli/cli-ref/backup/cli-ref/backup/recover.md).

{% endlist %}

{% note warning %}

After you recover a BareMetal server from another server’s backup, you may lose network access to the target server. This is because the network settings recovered from the backup, namely the network interface MAC addresses, were taken from the source server.

To restore the network on the target VM, update the MAC addresses in the server's network interface settings using the KVM console. You can get current MAC addresses in the server OS using the `ip a` command or in the [management console](https://console.yandex.cloud) on the server information page under **Network interfaces**. For more information on setting up network interfaces in a particular OS, see the relevant OS guides.

{% endnote %}

## How to cancel a lease and delete resources {#clear-out}

1. [Cancel](../operations/servers/server-lease-cancel.md) your BareMetal server lease.
1. [Delete](../../backup/operations/backup-vm/delete.md) the backup in Cloud Backup using the CLI.

#### See also {#see-also}

* [Leasing a Yandex BareMetal server connected to Cloud Backup](../../backup/operations/backup-baremetal/lease-server-with-backup.md)