Introducing Kasten K10 V6.5: The Ultimate Solution for Secure and Scalable Kubernetes Data Protection
Kubernetes is rapidly becoming the platform of choice for deploying and managing cloud native applications. According to a recent ESG analyst study, the Kubernetes market is booming, as nearly half of the organizations surveyed use containers today and another 35% plan to do so in the near future.
But as Kubernetes adoption grows, so do the challenges of data protection, security and scalability. According to our 2023 Ransomware Trends Report, 85% of organizations suffered at least one ransomware attack over the past year alone.
Fortunately, Kasten by Veeam has been innovating to address these challenges and the growing threat of ransomware. So, grab your favorite beverage and read about all of the new capabilities and enhancements we’ve introduced in Kasten K10 V6.5 that demonstrate Veeam’s continued leadership in Kubernetes data protection.
Cloud Native Security
Security is a top-of-mind concern for enterprises across all industries and sectors, including critical government institutions. Whether you’re protecting against ransomware, securing the supply chain, or complying with regulations, security is a critical aspect of Kubernetes data protection. With Kasten K10 V6.5, Kasten is introducing several new features and integrations that enhance Kubernetes security across development, deployment, and operations.
Kasten in Iron Bank
Iron Bank is a verified, centralized, hardened container image repository and source of truth for the Department of Defense (DoD), government, health, and financial sectors. Iron Bank hosts container images that have gone through rigorous security scanning, testing, and hardening pipelines, ensuring that they meet the highest standards of security and compliance.
Kasten is proud to be the first enterprise-ready data protection solution to be hosted on Iron Bank. This means that Kasten images are available for Platform One users to deploy on their Kubernetes clusters with confidence and ease, reducing deployment times from months or years to just weeks, as well as providing the benefit of automatic production of SBOMs in SPDX/CycloneDX format.
Additional Ransomware Protection for your Cloud Native Environments
Ransomware is a growing threat that can cause significant data loss, downtime, and financial damage. To confront, contain, and conquer ransomware attacks, you need to have a robust backup and restore strategy that detects threats early and enables easy data recovery. You also need to ensure that your cybersecurity teams can have an integrated and holistic view so they can respond rapidly to incidents.
Kasten K10 V6.5 now ships with an extended audit log backend that enables you to capture all Kasten-related activity, independent of the cluster audit policy. This ensures that you can capture details regarding suspicious events, such as attempted deletion of restore points or backup policies, even in managed Kubernetes environments where you may not have direct control of cluster audit policy. These enhanced logs can be ingested by Security Information and Event Management (SIEM) systems for further analysis and correlation of events, to determine possible risks to backup data. Kasten’s technical integration with solutions such as Datadog Cloud SIEM can provide DevSecOps teams visibility and timely notification if there’s a problem, right from their preferred tools.
Secure Supply Chain
One of the key challenges of Enterprise DevSecOps teams in securing the supply chain is maintaining the integrity and provenance of software components and dependencies. To address this challenge, Kasten now publishes a Software Bill of Materials (SBOM) for all Kasten images upon each release.
An SBOM is a comprehensive list of all software components and dependencies included in a software product. With an SBOM, you gain visibility and transparency into the software supply chain, so you can identify and mitigate security vulnerabilities while complying with software licensing mandates.
You can also validate in-house deployments against the source of truth using software composition analysis (SCA) tools such as OWASP Dependency-Track, Mend.io (previously WhiteSource), Snyk, or Checkmarx, to ensure new deployments remain free of vulnerabilities.
As Kubernetes deployments scale up in size, complexity, and diversity, enterprises need a simple data protection solution that can scale with them. Kasten K10 V6.5 introduces several new capabilities and enhancements that improve the performance, efficiency, and usability of Kubernetes backup and restore operations at enterprise scale.
Large-Scale, Multi-Cluster Operations
With hundreds of Kubernetes clusters distributed across multiple locations and groupings, you may find it challenging and time-consuming to manage data protection policies, profiles, and licenses. Kasten K10 simplifies this task with a multi-cluster dashboard that provides a centralized view and greater control over Kubernetes data protection.
Kasten’s multi-cluster dashboard is platform-agnostic and supports any Kubernetes distribution or service, such as OpenShift, EKS, AKS, GKE, Rancher, Tanzu, and other Kubernetes Conformant Distributions. It allows you to easily create, edit, delete, or clone backup policies and profiles across multiple clusters from a single interface. It also provides visibility into the license usage and status across all clusters. You can easily create, edit, delete, or clone backup policies and profiles across multiple clusters from a single interface, while gaining visibility into the license usage and status across all clusters.
Adding new clusters is now GitOps-ready, since Kasten K10 can now be deployed and configured across multiple clusters using Git repositories and tools, such as Argo CD, Flux, or similarly capable software. Additionally, we’ve optimized the multi-cluster design for massive scale, enabling it to handle an ever-growing number of clusters and applications, without compromising performance or reliability.
Enterprises often need to perform bulk restore operations for disaster recovery, dev/test cloning, or migration scenarios. Kasten K10 makes this process easier and faster by enabling multi-app restores. Using Kasten K10, you can select multiple applications from the dashboard and restore them to the same or a different cluster with a few clicks. You can also apply bulk transforms to the restored applications, such as remapping storage classes, applying annotations, or changing namespaces.
When you implement them as a Kubernetes Custom Resource, batch restores can also be created directly in YAML for automation purposes, allowing you to leverage kubectl or other tools to initiate bulk operations.
VMs on Kubernetes with OpenShift Virtualization
Kubernetes is not only a platform for running containerized applications, but now also for running Virtual Machines (VMs). Enterprises can leverage Kubernetes to manage their VM workloads alongside their container workloads, using tools such as OpenShift Virtualization. Kasten supports backup and restore of VMs on Kubernetes, enabling you to protect hybrid cloud-native applications with a single solution.
Kasten now supports block-mode backups for VMs on Red Hat OpenShift Virtualization, which is the optimized, default configuration for new VMs. Running OpenShift Virtualization VMs on OpenShift Data Foundations with block mode volumes is key to enabling Live Migration across worker nodes, a must-have capability for any seasoned virtualization administrator.
Kubernetes Backup and Restore Efficiency
Kasten is also introducing several improvements to the backup and restore efficiency of Kubernetes applications. One of these improvements is the support for Change Block Tracking (CBT) for Amazon EBS volumes. CBT is a feature that tracks the changes made to a volume at the block level, allowing for faster and more efficient incremental backups.
And that’s not all! Freedom of choice across various Kubernetes distributions, deployment models, and storage implementations, to suit your application mobility and data protection needs remains Kasten’s foundational principle. With Kasten K10 V6.5, we have added support for Oracle Cloud Infrastructure (OCI) as well as Oracle Container Engine for Kubernetes (OKE). We’ve collaborated with Oracle to ensure that OKE, OCI block and Object storage, and Kasten K10 integrate harmoniously. This enables our joint customers’ DevOps teams to focus on their applications and requirements from the business, rather than having to build and troubleshoot custom data protection scripts or solutions. You can find a more complete list of technology partners here.
Deliver Cloud Native Security & Enterprise Scale
Kasten K10 V6.5 is a major release that delivers cloud native security and enterprise scale for Kubernetes data protection. It introduces new features and enhancements that address the challenges and requirements of enterprises across various industries and sectors. Whether you’re securing the supply chain, protecting against ransomware, or scaling up Kubernetes deployments, Kasten K10 provides a comprehensive and reliable solution that simplifies Kubernetes data protection.
Gaurav Rishi is the VP of Product and Partnerships at Kasten by Veeam. He is at the forefront of several Kubernetes ecosystem partnerships and has been a frequent speaker and author on cloud-native innovations. He previously led Strategy and Product Management for Cisco's Cloud Media Processing business. In addition to launching multiple products and growing them to >$100M in revenues, he was also instrumental in several M&A transactions. Gaurav is a computer science graduate and has an MBA from the Wharton School.
Kasten, Inc. 8800 Lyra Drive, Suite 450 Columbus, Ohio 43240
We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.