Unlocking the data protection potential of Kubernetes

Gijsbert Janssen van Doorn from cyber resilience platform Zerto explains how organisations can deliver complete data protection for Kubernetes.

The way organisations build and run applications has changed significantly thanks to the lightweight, modular approach of containers. With container adoption in full acceleration and in a position to become the next go-to choice for production deployment, Kubernetes is becoming the critical technology in container orchestration for managing production applications.

According to recent research, over the next 24 months, the momentum of Kubernetes will continue to grow as containers become the more widely used platform for production deployment, ahead of virtual machines. Businesses are required to update applications daily – or even multiple times a day – and these constant updates require microservices that are too big for the virtual machines that organisations typically deploy.

With that said, when it comes to security and data protection, Kubernetes can often be difficult to control and legacy tools and processes simply don’t meet its requirements as a cloud native platform. Unlike more mature virtual environments, Kubernetes has fewer guardrails to make sure that new workloads are configured correctly for data protection.

As a result, there is a range of important factors that IT teams need to consider in maximising data protection in relation to Kubernetes. These include: protecting container pipelines; stateless and stateful applications; and organisational alignment of cloud services.

Protecting container pipelines

Container images act as permanent layers of the process of installation and configuration. But, instead of just capturing the end result – the container image – it makes more sense to protect the technology producing the images, including all the configuration scripts (such as Dockerfiles and Kubernetes YAML files) and documentation. This is otherwise known as a pipeline.

However, the data protection requirements for those systems that create the containers as part of the CI/CD pipeline are regularly overlooked. These include tools such as build servers and code and artifact repositories that store containers and application releases. By protecting these workloads, most of the pipeline that produces container images is, by definition, also more effectively protected.

Stateless and stateful applications

Protecting persistent application data is another important piece of the overall jigsaw. To give this some context, in the earlier phases of container technology development and adoption, it was often stated that containers were only suitable for stateless workloads, and that storing any data in a container was impossible.

Times and technologies have changed and today, both the underlying container runtime and Kubernetes itself fully support a diverse variety of workloads, including stateful applications.

While the container images themselves are transitory, and any file system changes are lost after the running container is deleted, there are now various options for adding stateful, persistent storage to a container. Even enterprise storage arrays already in use in on-premises data centres can often provide stateful storage to Kubernetes clusters. Data protection strategy – and the choice of platform – must operate with these capabilities front of mind.

Organisational alignment of cloud services

Many organisations turn to cloud services for object or file storage because it’s quick and easy to implement and manage. But it’s not without its disadvantages, not least in that it exists outside of the control of those responsible for data protection.

The knock-on effect of this is that the existence of invisible persistent storage resources can lead to a risk of unprotected and insecure data, without backup, disaster recovery and application mobility (among other issues). It’s important to realise, therefore, that managing cloud storage is just as hard to get right as enterprise, on-premises storage.

Organisations must ensure a consistent approach to accessing and managing cloud storage so developers can use the services they need while their colleagues can maintain oversight, security, and overall responsibility for data protection.

Addressing data protection and disaster recovery challenges

In dealing with these challenges, organisations need to adopt data protection and disaster recovery platforms that can effectively balance availability and resilience against the need to facilitate effective development speed across enterprise applications and services. This means being able to protect, recover, and move their containers without adding more steps, tools, and policies to the DevOps process.

For example, minimising application downtime and data loss is a priority for any application, especially those that are containerised. Using a native solution enables a “data protection as code” strategy, whereby data protection and disaster recovery operations are integrated into the application development lifecycle from the outset, and applications are born protected. Organisations adopting this approach can ensure application resilience without any negative impact on the speed, scale and agility of their containerised applications.

In addition, utilising continuous data protection (CDP) technology offers users the reassurance of being able to simply rewind to a previous checkpoint, ensuring a low recovery point objective (RPO). This approach is not only minimally disruptive, but also offers much greater flexibility and availability than a traditional backup approach, where the use of snapshots can be potentially hours behind production systems, leaving gaps in data protection. In contrast, CDP has long been the de facto standard in the VM arena, and is rapidly emerging as the most effective option for containers.

In considering each of these issues, one essential underlying requirement should be to avoid vendor lock-in. Choosing a data protection solution should mean it supports all enterprise Kubernetes platforms and allows data to move to where the application needs to run, without any lock-in to a specific storage platform or cloud vendor so the persistent data remains as mobile as the containers themselves.

By implementing a strategy and platform that can effectively address these challenges, organisations can prioritise data protection without compromising the freedom Kubernetes gives developers to create, build and run applications quickly. Businesses will be able to easily protect, recover, and move applications for intelligent data management and accelerated software development and delivery. In turn, they can achieve maximum return from this increasingly important area of technology investment.


Gijsbert Janssen van Doorn is Director Technical Marketing for Zerto.

Copyright Lyonsdown Limited 2021
