(The following article by Jason Grant, Director, Storage and Data Solutions for Verinext, first appeared in Spiceworks as an expert contribution. You can read it there at this link: Six Essentials for Protecting Cloud and Kubernetes Applications.)
Data protection has always been paramount to ensuring business continuity and disaster recovery. In today’s era of ever-present ransomware threats and work-from-everywhere demands, it’s more mission-critical than ever.
New infrastructure models that leverage Kubernetes, containers and microservices have made data protection more complex, costly and challenging, even as companies have increased expectations for their Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements. According to 451 Research, almost half (48%) of organizations have RTOs for mission-critical applications of less than an hour. Likewise, 57% of organizations have RPO requirements in the sub-hour timeframe. This can be difficult to achieve with the added layers of complexity in Kubernetes environments.
Cost and Downtime Risk
Kubernetes-enabled applications have become prevalent for their agility and ability to speed up software delivery in support of digital transformation initiatives. But in some cases, the result can be a bit of a science project, with many decision points and choices. This can greatly impact data protection, particularly when using traditional backup and recovery approaches, as the unpredictable and variable nature of Kubernetes containers can expose environments to data loss, downtime and even lost customer trust.
With Kubernetes, the expanse of data can be immense. Its agile nature encourages data to be produced by exponentially more sources and moved across diverse environments, including multi-cloud and edge networks. Backing up and managing this growing and distributed data efficiently is challenging but also crucial. Many Kubernetes-driven applications have become mission-critical to the business, and downtime isn’t an option.
We all know that downtime itself can come at a high cost. Uptime Institute reports that as many as 41% of outages cost over $1 million. But the ramifications of downtime also have a longer tail, putting companies at risk of violating data privacy and regulatory compliance requirements, creating critical security gaps and impacting an organization’s long-term brand reputation.
Six Essentials for Protecting Kubernetes
Organizations need to establish a fresh approach to data protection to protect cloud and Kubernetes applications without limiting their agility and business-critical benefits. Because Kubernetes workloads are ephemeral and can come and go, your data protection method needs to become more flexible and application-centric. Consider these six key requirements to increase the reliability of protecting Kubernetes infrastructure while lowering its cost.
- Protect containers with granularity: Kubernetes doesn’t work like legacy virtual machines (VMs). Traditionally, data protection methods have been machine-focused, protecting apps by default because they have been contained on a single host. This approach fails in Kubernetes because applications will likely be deployed in multiple containers hosted on multiple nodes in a cluster. Thus, protecting applications on Kubernetes requires targeting specific containers. Select backup solutions that offer tight integration with the container runtime and Kubernetes abstractions. This enables snapshotting and replicating the separate Kubernetes abstractions across hosts so that you are targeting just the application data – nothing more or less.
- Ensure application consistency: Protecting Kubernetes effectively requires a backup solution that has domain-specific knowledge of the application so that it can capture its application state reliably and consistently. Consider too that snapshot procedures can be different across databases. What works for Cassandra might not work for Kafka. Thus, be certain that your data protection solution can take backups that are both application-aware and consistent, so you don’t risk data corruption.
- Perform Kubernetes-aware backups: Kubernetes-enabled applications consist of multiple abstractions. These wrap applications and data while interfacing with them via container orchestration services. Traditional backup and data protection solutions are not built to interact with these abstractions. This can leave the backup of Kubernetes objects, application configuration and data incomplete or flawed. If you only back up the application without its associated objects, recovery time can be significantly impacted. It may also lead to application crashes and errors that are difficult to spot. Kubernetes workloads must be protected with Kubernetes-aware backup solutions that can manage these different layers of abstraction and protect them comprehensively and consistently. Only then can you have the peace of mind that your applications are recovery-ready at an application-granular level.
- Mind your namespaces: Another important detail to consider when working to protect Kubernetes applications is the way Kubernetes namespaces distribute resources among IT units. Kubernetes uses namespaces as logical partitions that allow splitting a cluster into homogeneous regions that may share resources and permissions. Most traditional backup applications are not equipped to back up at this namespace level and require manual intervention that can cause errors or omissions. Thus, protecting Kubernetes – and lowering the cost and effort of backing up containerized applications – requires a solution with built-in namespace awareness so admins can properly back up individual Kubernetes applications without the cost and overhead of manual resources.
- Support multi-cloud portability: One of the key advantages of Kubernetes is its agility to deploy containers and microservices across clusters and datacenters located in public and private clouds. But this can add backup and restore complexity. Worse, with traditional backup methods, apps can be left with incomplete protection, exposing them to ransomware or data loss. If backups are instead performed on the entire machines hosting the containers in an attempt to overcome these risks, the result is a prolonged and expensive restore process which can also lead to data loss, longer downtimes and the inability to meet business continuity SLAs. Instead, be certain that your data protection strategy supports a multi-cloud infrastructure so that you can reliably back up and recover applications regardless of where their containers and microservices are operating.
- Use automation: When working with cloud and Kubernetes-driven applications, it can be easy to lose track of your cloud usage and associated costs. It’s advisable to use automation and orchestration to turn on and off cloud instances as required. As a result, as new containers and microservices are spun up to deliver fresh capabilities or to meet changing business requirements, they can be automatically disabled once they are no longer in use. This will keep your cloud usage meter in check while limiting exposure created by unmanaged or dormant cloud instances.
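To illustrate the "Kubernetes-aware backups" and "Mind your namespaces" points above, the following Python example (added here, not code from the original article or from any backup product) checks whether a backup inventory contains every ConfigMap, Secret, PersistentVolumeClaim and ServiceAccount that a workload's pod template references, in the workload's own namespace. The function names, the inventory format and the sample manifest are assumptions constructed for the example.

```python
# Added example: hypothetical helpers and constructed sample data.

def referenced_objects(workload):
    """(kind, name) pairs that a workload's pod template depends on."""
    pod = workload["spec"]["template"]["spec"]
    refs = set()
    if pod.get("serviceAccountName"):
        refs.add(("ServiceAccount", pod["serviceAccountName"]))
    for vol in pod.get("volumes", []):
        if "persistentVolumeClaim" in vol:
            refs.add(("PersistentVolumeClaim", vol["persistentVolumeClaim"]["claimName"]))
        if "configMap" in vol:
            refs.add(("ConfigMap", vol["configMap"]["name"]))
        if "secret" in vol:
            refs.add(("Secret", vol["secret"]["secretName"]))
    for ctr in pod.get("initContainers", []) + pod.get("containers", []):
        for src in ctr.get("envFrom", []):
            if "configMapRef" in src:
                refs.add(("ConfigMap", src["configMapRef"]["name"]))
            if "secretRef" in src:
                refs.add(("Secret", src["secretRef"]["name"]))
        for env in ctr.get("env", []):
            source = env.get("valueFrom", {})
            if "configMapKeyRef" in source:
                refs.add(("ConfigMap", source["configMapKeyRef"]["name"]))
            if "secretKeyRef" in source:
                refs.add(("Secret", source["secretKeyRef"]["name"]))
    return refs

def missing_from_backup(workloads, inventory):
    """Dependencies absent from the backup; inventory holds (namespace, kind, name)."""
    missing = set()
    for w in workloads:
        ns = w["metadata"].get("namespace", "default")
        missing |= {(ns, k, n) for k, n in referenced_objects(w) if (ns, k, n) not in inventory}
    return sorted(missing)

# Constructed Deployment in namespace "shop" (trimmed to the fields the check reads).
ORDERS = {"kind": "Deployment", "metadata": {"name": "orders", "namespace": "shop"},
          "spec": {"template": {"spec": {
              "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "orders-data"}},
                          {"name": "cfg", "configMap": {"name": "orders-config"}}],
              "containers": [{"name": "app", "envFrom": [{"secretRef": {"name": "orders-db"}}]}]}}}}
# Constructed inventory: the ConfigMap was captured from the wrong namespace and
# the Secret was not captured at all.
INVENTORY = {("shop", "Deployment", "orders"), ("shop", "PersistentVolumeClaim", "orders-data"),
             ("default", "ConfigMap", "orders-config")}

if __name__ == "__main__":
    for item in missing_from_backup([ORDERS], INVENTORY):
        print("not in backup:", "/".join(item))
```

The check reports the ConfigMap as missing even though an object with the same name was backed up, because that copy belongs to a different namespace and would not restore next to the workload.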
Don’t let the cost and risk of storage and data protection outweigh the agility and rapid time to value of Kubernetes. By ensuring that you have a properly configured Kubernetes-aware data protection solution in place, you can lower your overall application availability costs and mitigate the risk of security gaps and data loss for the always-available application experience your business demands.