Data Protection for VMware Tanzu — Freedom for Developers While IT Maintains Control
VMware Tanzu provides an easy way for organizations that already have a VMware base to adopt Kubernetes. Tanzu is essentially a “Kubernetes as a service” platform, allowing customers to run multiple Kubernetes clusters in vCenter using the concept of Guest clusters. The term is borrowed from the Guest OS concept, whereby IT Ops can allocate resources such as CPU, memory and storage to the various dev teams — just as they do for VM environments, without a significant learning curve. Additionally, the developers get their own “as a service” framework to spin up new Kubernetes guest environments on demand, as they need them, while meeting IT’s resource constraints.
The VMware Tanzu message appeals to IT organizations striving to find relevance in the age of digital transformation and DevOps. Many companies are leveraging VMware Tanzu to create an infrastructure platform that can also serve as a way to spin up and manage Kubernetes environments easily, allowing them to be used by their developers.
I have spoken to many customers, including large Fortune 100 companies, on this journey. A consistent response I hear is that the platform is excellent. However, it still lacks a compelling feature — which is data protection. The role of IT Ops is a lot more than just creating a platform and enforcing the resource constraints, to ensure that the teams can work in isolation and share the resources amicably. How do you ensure availability and recoverability when things go wrong? Can you guarantee the application availability if things like hardware failures and disasters happen? Can you recover when the data gets lost or corrupted?
Here’s a quick overview of why recoverability is the key, and how enterprise-grade data protection fits into the Tanzu story.
At Dell, we anticipated these problems in advance. They have been the guiding principles that led to the development of PowerProtect Data Manager, an integrated enterprise-grade data protection solution for Kubernetes, cloud native applications, VMware applications, and Tier 1 applications. PowerProtect Data Manager (PPDM) offers deep integration into the VMware Tanzu environment, to allow adequate data protection for the TKG guest clusters or the user applications deployed in these environments. PPDM resulted from joint engineering with the VMware team and decades of Dell EMC data protection experience, to create a cloud native solution for protecting these environments.
From an enterprise IT perspective, the critical requirements for a data protection solution for VMware Tanzu include the following capabilities:
- The ability to manage multiple Kubernetes and Tanzu environments across your enterprise (on-premises or in the cloud) centrally using an enterprise-grade user interface.
- The ability to automatically discover applications and data that need to be protected, and to automatically define policies that include the backup schedule, retention, and replication of copies.
- The ability to enforce compliance, ensuring that applications can recover to the RPO and RTO specified in the policies.
- The ability to tier copies to object storage or the cloud, for long-term retention.
Additionally, the solution includes capabilities unique to Kubernetes and container deployments, including:
- Agentless application consistency for cloud native database deployments — such as MySQL, MongoDB, etc.
- Protecting application definitions and deployments to eliminate configuration drift.
- Protecting custom resources in the cluster and PaaS native object definitions such as image tags.
- Support for migration of applications to another Kubernetes cluster, on-premises or in the cloud.
- Support for CNCF standards such as Container Storage Interface (CSI), to ensure compatibility across environments and support versioning.
- Support for self-service for developers and DevOps through Kubernetes-native CLI and API support, including tagging to automatically associate applications with appropriate policies based on their criticality, and support for self-service restores.
- Support for RBAC and other authentication and authorization frameworks for compliance.
Also, some capabilities are unique to VMware Tanzu, including:
- The concept of segmentation between supervisor and guest clusters; the data protection solution needs a deep integration into this layer.
- Integration with Project Velero.
- Support for VMware cloud native storage snapshots and restoration.
Finally, not all data needs to be ported into containers. Some of it can stay in VMs and continue to be used by containers. I explain this concept using an analogy of a three-story building. On the first floor, you have bare metal applications like SAP, Oracle, etc. The second floor has your virtualized database applications, including SQL Server and Exchange. And the third floor is relatively new — the Kubernetes and containerized applications where each microservice maintains its data store in the cluster.
Customers are looking for a single solution to protect applications on each floor, while offering unique self-service capabilities with integration into Kubernetes native tools, VMware native tools, etc. That said, if you are considering VMware Tanzu as your platform, do not ignore the need for a data protection solution — for all the reasons mentioned above.