How to Choose the Right Kubernetes Data Protection
Dell Technologies sponsored this post.
Make no mistake, the move to cloud native organizations is underway. According to recent research by VMware, over the coming three years the number of container instances worldwide is expected to grow six times to 1.6 billion containers, and over 70% of enterprises are expected to fully embrace Kubernetes.
Much of the impetus behind the use of container platforms, such as Kubernetes, is so that organizations can rapidly develop and release new apps, features and scale at a moment’s notice. Indeed, organizations are in the midst of a transformational digital journey, innovating at a speed never before possible.
As part of their digital journey, inclusive of an expansion into cloud native application use, organizations are also planning and executing against their hybrid and multicloud strategies. In 2020, the Global Data Protection Index (GDPI) snapshot stated that only 52% of organizations report that a lack of data protection solutions for newer technologies is a challenge they face. There is a need for these organizations to protect their Kubernetes deployments faster than ever and momentum is growing; my colleague Rob Mossi penned some additional insight here: Dell EMC Gaining Speed — The Momentum around Data Protection for Kubernetes.
But you don’t have to be a born-in-the-cloud native company to be able to innovate at speed. From the newest innovators to the most established, organizations are using Kubernetes to set their course for rapid development. While rapid development and agility underlie the digital transformation, data protection has to take on an equal weight in this shift. The following is a list of reasons why data protection should be a critical factor in the growth of cloud native organizations:
- Application misconfiguration.
- Infrastructure or hardware failure.
- Accidental or malicious data loss.
- Compliance and auditing.
- Migration of environments, e.g. moving from Development to Production.
- Software upgrades.
- Restore of certain databases to another namespace for Dev/Test and analytics.
1. Data protection has to capture the entire application state, not just persistent data.
The challenge with traditional forms of data protection is that some approaches protect only the persistent data stored in Kubernetes persistent volumes.
The issue with such an approach in Kubernetes is that it causes configuration drift. For example, say you take snapshots of the persistent volumes of a database application at periodic intervals. If passwords or configurations change between snapshots, those changes are held in ConfigMaps and Secrets, which also need to be captured to ensure that the entire application state is preserved. Look for a data protection solution that captures the entire application state, including pods, Secrets, services, deployments, certificates and ConfigMaps in addition to the persistent volumes. This will ensure there is no configuration drift during application restores and rollbacks.
Note that the data protection solution should protect all the components, not just the volumes.
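The drift described above can be checked by comparing what a backup holds against what is running in the namespace. The following is an added example, not code from this post or from any product it mentions; the `Item` type, the function names and the inventory values are constructed for illustration.

```python
"""Added example: compare a backup inventory with the live namespace."""
from typing import NamedTuple


class Item(NamedTuple):
    kind: str
    name: str
    resource_version: str  # opaque Kubernetes value: compare for equality only


def drift_report(backup, live):
    """Return live objects absent from the backup and objects changed since it."""
    backed_up = {(i.kind, i.name): i.resource_version for i in backup}
    missing, stale = [], []
    for item in live:
        key = (item.kind, item.name)
        if key not in backed_up:
            missing.append(key)   # a restore would not recreate this object
        elif backed_up[key] != item.resource_version:
            stale.append(key)     # a restore would roll this object back
    return {"missing": sorted(missing), "stale": sorted(stale)}


def restores_cleanly(report):
    """True only when the backup matches the live application state."""
    return not report["missing"] and not report["stale"]


# Constructed inventory of a database application's namespace.
LIVE = [
    Item("Deployment", "db", "4101"),
    Item("Service", "db", "3990"),
    Item("Secret", "db-credentials", "5230"),
    Item("ConfigMap", "db-config", "5188"),
    Item("PersistentVolumeClaim", "db-data", "3975"),
]
# Constructed backup that captured only the persistent volume claim.
VOLUME_ONLY = [Item("PersistentVolumeClaim", "db-data", "3975")]
# Constructed full backup taken before the database password was rotated.
FULL_BEFORE_ROTATION = [
    i._replace(resource_version="4420") if i.kind == "Secret" else i for i in LIVE
]

if __name__ == "__main__":
    for label, backup in (("volume-only", VOLUME_ONLY),
                          ("full, pre-rotation", FULL_BEFORE_ROTATION)):
        print(label, drift_report(backup, LIVE))
```

A volume-only backup leaves the Deployment, Service, Secret and ConfigMap unrecoverable, while a full but outdated backup would restore the old credentials.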
2. Choose an enterprise-grade data protection solution for Kubernetes.
While there are many small point solutions offering data protection for Kubernetes, look for a solution that provides enterprise-grade features such as governance, scheduling, cataloging, policy, compliance, replication and SLA.
Speed and efficiency are critical aspects to look for in data protection storage. Choose an enterprise-grade backup appliance or storage target that includes end-to-end data protection features, such as client-side deduplication and compression algorithms for efficient storage. Additionally, look for storage products that offer virtual and cloud editions to protect your workloads in the cloud.
3. Choose a data protection solution that leverages and contributes to open source.
The Kubernetes space is quickly evolving and there are many competing solutions in the marketplace. It is important to choose a vendor that leverages a standardized open source mechanism for data protection, to prevent vendor lock-in and ensure the widespread adoption of the solution. One such open source initiative is Project Velero, which is an important open source tool backed by VMware and Dell Technologies. Also, look for a solution that adds enterprise-grade features and functionality not available with the plain vanilla version of Velero.
The solution should also extend its capabilities beyond those of Velero, in order to provide an architecture that scales horizontally. This helps to ensure fast backups and restores of persistent volumes, compared to serialized backups with the plain-vanilla version of Velero.
4. Many user experiences.
With DevOps, the focus is on agility and deploying to production quickly. An IT Ops admin seeks to minimize risks associated with running applications and data recovery in the case of disasters, while adhering to compliance and audit requirements.
The IT Ops admins can create centralized policies with appropriate RPO/RTO objectives. And the Kubernetes administrators can be in a self-service mode, whereby they can tag the Kubernetes namespaces and applications that need to be protected and also recover any applications directly from the Kubernetes console using kubectl commands.
In summary, the modern enterprise IT organization needs a holistic approach for protecting all its applications, including containerized deployments orchestrated via Kubernetes. As the space is fast evolving, it is important to use a solution from an established vendor that leverages open source standardized solutions, such as Project Velero, which has quickly become the standard for Kubernetes data protection. Additionally, it is important to ensure that the solution includes enterprise-level features not typically found in newer and less established solutions. The solution must also integrate well within the organization’s established culture and practices, to ensure IT teams can collaborate and work independently.