/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow Us/pcq/media/post_banners/wp-content/uploads/2020/12/internet-3563638_960_720.jpg)
Production applications have been moving from virtual machines to containers and from on-prem to cloud. The increase in the use of containers demanded the need for an orchestration platform such as Kubernetes to manage the containers. Now, Kubernetes is the most commonly used container orchestration tool to run production applications.
There are multiple users within an organization who interact with the Kubernetes environments such as cloud administrators, DevOps engineers, and application developers. However, a multi cloud environment that is not resilient can be exposed to unintended modifications, accidental deletion, insider threats, or ransomware attacks. Even though Kubernetes is known for resiliency, it has the ability to only bring back the container infrastructure, not the data. Furthermore, there is no native Kubernetes application object, so Kubernetes does not know what the organization's application truly is. Hence, organizations need an application-centric Kubernetes protection solution which provides cross-namespace, cross-cluster, and cross-region recovery options.
The security for protecting the application is not just applicable to backing up data. The application protection solution should have security postures in place in each layer of the process including installation, backup, orchestration, and recovery. Having a certified protection solution that offers restrictive permissions will ensure a more secure operational space. Additionally, the option to encrypt data and the overall immutability of backups will help prevent ransomware attacks. The protection solution should also be able to store metadata outside the cluster so that in cases of cluster disaster or breach, the backup remains unaffected.
There are three main types of stakeholders in an organization who manage Kubernetes environments in the cloud.
Cloud Administrator: These stakeholders manage cloud workloads in the organization. They are responsible for protecting cloud workloads, policies, roles, and managing backup, restore, and retention.
Kubernetes Administrator: This includes cloud administrators with Kubernetes expertise who manage Kubernetes clusters in the organization. They are responsible for setting up and monitoring the clusters. For some organizations, cloud administrator and Kubernetes administrator can be the same person. In many cases they belong to the same central/cloud administration team.
Application Owner: These are the owners and creators of Kubernetes applications. They know what comprises the application. There are typically multiple application owners in an organization.
The application-centric Kubernetes protection solution should enable users to be able to do the following:
Application disaster recovery
A catastrophic application failure may cause the original application to fail. However, the protection solution must be able to recover the user(s)’ application(s) even in a different region while ensuring that the application resources and the data be recovered as well.
Application rollback
The protection solution must be effective in an event of an unintended change to an application, including configuration and/or data. It is expected that the solution reverts the application to the time the last backup was created. In fact, the solution must also eliminate resources that did not exist at the point of the backup while also having the option to not overwrite existing resources.
Application migration
Users move applications for multiple reasons, including cost optimization, load balancing, and cluster upgrades. While migration is not strictly a protection use case, many organizations leverage protection tools for migration. The protection solution must facilitate that.
Application cloning
Users will want to clone applications for multiple reasons, including training, development, and upgrade testing. While cloning is not strictly a protection use case, many users leverage their protection tools for cloning. It is expected that the protection solution will ensure that resources do not face a conflict while the data is being copied. For better safety, admins should also be allowed to retain the clones’ lineage information to either track the clone copies or to enable updates to the clones.
Application retrieval
Admins will need to retrieve past versions of applications for reasons, including legal cases, project retrieval, or regulatory compliance. Traditionally, retrieval was focused on data, but now entire application retrieval is becoming more important. Application retrieval enables users to recreate the application flow and view the data in context.
Application resource recovery
When the need arises to recover a subset of an application, admins will look for a mechanism, within the protection solution, through which they can recover specific resources. The protection solution must be able to validate that dependent resources are in place to ensure a successful recovery.
As more teams embrace Kubernetes to build and manage containerized applications, organizations need a data resiliency solution to provide disaster recovery, rollback, migration, cloning, retrieval for compliance, and resource recovery for their applications. This should be coupled with a robust solution for the modern workload across all levels to ensure security alongside the required automation.
The article is authored by Preethi Srinivasan, Director- Innovation, Druva