With Kasten by Veeam and Red Hat’s extensive ecosystem support, you have the flexibility to choose environments (public/ private/ hybrid cloud/ on-prem) and OpenShift versions (cloud vendor managed or self-managed) for your Kubernetes applications with seamless Backup and Disaster Recovery support. This post elaborates on the advantage of this solution and also highlights the Kasten K10 integration with OpenShift Container Storage 4 (OCS 4).
OpenShift is Red Hat’s industry leading hybrid cloud platform that brings Kubernetes and other critical technologies necessary for developers and operations teams to build the next generation of cloud native applications. It is a turnkey platform, readily usable in production, with a robust developer experience.
Red Hat OpenShift Container Storage (OCS) is engineered, tested, and qualified to provide data services for Red Hat OpenShift Container Platform on public or private cloud infrastructures. OpenShift Container Storage runs as a Kubernetes service within Red Hat OpenShift and is designed to provide persistent storage to applications with ease through automated management of storage resources. Red hat OpenShift Storage with a single data management platform delivers, file, block, and object data for one or many OpenShift Container Platform clusters. Organizations can support multiple workload types with a single software-defined storage solution, and applications can move easily between cloud platforms with compatibility.
The Kasten K10 data management software platform has been purpose-built for Kubernetes. K10’s application-centric approach and deep integrations with relational and NoSQL databases, storage systems, and Kubernetes distributions provide for backup/restore and mobility of your entire Kubernetes application. K10, with operational simplicity as a core tenet, makes Kubernetes application mobility and backup as easy as 1-2-3.
KUBERNETES APPLICATION BACKUP
While OpenShift provides resiliency and high availability, it is also critical to regularly backup your applications. Backups, especially when done with automated policies, allow you to recover from situations such as application misconfigurations or malicious attacks like ransomware. Backing up your application periodically in a completely different fault domain provides a necessary layer of protection. Here are some of the key considerations for a good Kubernetes backup solution:
DevOps and “Shift Left” - The DevOps philosophy adopted in parallel with Kubernetes cedes control over both infrastructure and deployments to the developer (known as “shift left”). Backup systems should not only integrate with the CI/CD tools the developers use, they must automatically detect and protect applications coming online. They should do this in a manner transparent to the developers and employ Kubernetes-native APIs that the developers are familiar with.
Security - It is critical that a backup solution be Kubernetes-native and embed within the Kubernetes control plane. It is important to be able to provide fine-grained, role based and scoped access using the same roles and tools used by Kubernetes. Further, to work well with Kubernetes’ approach of delegating encryption to storage and backup platforms, the backup system needs to understand Kubernetes certificate management, work with storage-integrated Key Management Systems (KMSs), and support Customer Managed Encryption Keys (CMEKs) through the Kubernetes Secrets interface.
Application Scale - A cloud native backup solution must be built to handle the millions of components found in large clusters and need to understand the relationships between applications, their data, and related Kubernetes state, and be able to consistently capture all of it together. Additionally, both Kubernetes and cloud-native applications must be architected to scale up (or down) in response to load.
TIGHT INTEGRATION WITH OPENSHIFT
Red Hat along with Kasten tackle all the challenges highlighted above to provide a seamless and secure experience in an OpenShift environment for your Kubernetes applications. The Kasten K10 and Red Hat OpenShift Container Storage (OCS) integrations and benefits include:
Easy installation and Certified Operator: Red Hat OpenShift Container Storage 4 is created for container-based environments and is tightly integrated with Red Hat OpenShift Container Platform enabling Red Hat the ability to provide support for the entire container-based environment.
Kasten and Red Hat worked together to certify and make K10 available on the Red Hat catalog. This gives enterprise teams the assurance that Kasten K10 itself is built and tested to exacting standards and ready to deploy in your OpenShift environment. Additionally, security attributes highlighted earlier also extend into rigorous tests that the Kasten K10 container images adhere to (e.g., UBI based) as well as run as non-root.
Deep K10 and OCS 4 Integration for Resilience and Durability: K10 leverages the Container Storage Interface API available through OpenShift Container Storage 4.6 to provide a seamless experience when it comes to backup and restore operations. Through the CSI snapshot and clones capabilities provided by OCS, Kasten K10 can perform durable backups of your data using OCS storage classes (PVCs), your metadata (Kubernetes and OpenShift APIs such as namespaces and secrets), provides local persistence of the backup for a minimal restore time and the ability to restore a running application namespace while also allowing restoring an application to a different namespace for test and QA purposes and even to a different OpenShift Container Platform cluster.
Diverse workloads and freedom of choice: The solution allows you to choose from a wide selection of infrastructure providers - on-premises and public clouds, SQL and NoSQL databases. OpenShift provides a consistent Kubernetes platform and experience across private on-premises data centers and public clouds with OCS supporting file, block, and object storage. Coupled with Kasten’s K10 Data Management Platform, this approach allows global application portability and protection policies without any development or application code changes for a diverse set of workloads ranging from analytics to AI/ML applications. Additionally, Kasten K10 integrations with modern relational and NoSQL databases allow for application backup and recovery consistency that spans across storage and logical levels.
Security and automation for scale: A production-ready data management solution needs to deliver robust operations-specific features, including everything from global visibility, monitoring, alerting, and auditing, to features such as compliance, RBAC, and deep data services integration. The Kasten K10 platform seamlessly integrates into a customer’s environment with a wide choice of authentication tools (OpenShift OAuth proxy, OIDC, Centrify, LDAP, SAML, Kerberos, etc.,) and offers a variety of different ways to secure access to the K10 dashboard and APIs. K10 supports a flexible permissions model which allows scoping of user permissions to perform K10 actions only within the context of specified applications. To facilitate role-based access for users, K10 leverages Kubernetes ClusterRoles and Bindings, which are user-configurable. K10 uses enterprise-grade AES-256 algorithm and TLS/SSL protocols to encrypt all data at-rest and in-flight.
Policy-driven automation capabilities let you set up custom and default policies to meet both your container storage and data management needs. RedHat extensively uses a set of in-built Operators to automate all the common data and storage management tasks related to provisioning, scaling, availability and protection. This makes management of otherwise complex storage resources a breeze. The policies provide automated enforcement to help meet your SLA’s across thousands of applications.
This brings together the best of Kubernetes from Red Hat OpenShift Container Platform and cloud-native data management from Kasten. Enterprises can confidently run their applications on OpenShift 4 at scale and then protect them on an on-going basis with Kasten’s policy-based approach to automation. If you are a Red Hat OpenShift customer with Kubernetes applications, this solution can now enable use cases such as:
Easy backup/restore with granular control for your entire application stack to make it easy to “reset” your application to a good known state
Disaster recovery of your applications in another cluster, region, or cloud
Get Started Today!
Try the FREE edition of K10 on OpenShift today with this super-quick install in <10 minutes -- no, we are not exaggerating! Free Kubernetes Trial
Gaurav Rishi is the VP of Product and Partnerships at Kasten by Veeam. He is at the forefront of several Kubernetes ecosystem partnerships and has been a frequent speaker and author on cloud-native innovations. He previously led Strategy and Product Management for Cisco's Cloud Media Processing business. In addition to launching multiple products and growing them to >$100M in revenues, he was also instrumental in several M&A transactions. Gaurav is a computer science graduate and has an MBA from the Wharton School.
Kasten, Inc. 8800 Lyra Drive, Suite 450 Columbus, Ohio 43240
We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.