Kasten and Red Hat: Migration and Backup for OpenShift

This post was co-authored with Gaurav Rishi of Kasten.

Enterprises across the globe can now use Red Hat’s OpenShift Kubernetes platform along with Kasten’s K10 software based, data platform to seamlessly rollout, upgrade, and protect their cloud-native applications. The Kasten K10 operator has been certified to work on OpenShift and enterprise operations teams now have a compelling solution to not only enable upgrades from OpenShift 3 to OpenShift 4 but also to provide backup, and disaster recovery for applications at scale. This post elaborates on the advantage of this solution and brings to life the benefits realized by one of the largest European players in the IT industry.

OpenShift is Red Hat’s industry leading hybrid cloud platform that brings Kubernetes and other critical technologies necessary for developers and operations team to build the next generation of cloud native applications. It is a turnkey platform, readily usable in production, with a robust  developer experience. That’s what makes it both the successful Enterprise Platform-as-a-Service (PaaS) everyone knows about from a developer perspective, but also the very reliable Container-as-a-Service from a production standpoint. Openshift 4 brings additional capabilities to make the Kubernetes experience even more compelling including automated, full-stack installation from container host to application services, seamless Kubernetes deployment to any cloud or on-premises environment, autoscaling of cloud resources, and one-click upgrades for platforms, services, and applications.

The Kasten K10 data management software platform has been purpose-built for Kubernetes. K10’s application-centric approach and deep integrations with relational and NoSQL databases, storage systems, and Kubernetes distributions provide for backup/restore and mobility of your entire Kubernetes application. K10, with operational simplicity as a core tenet, makes Kubernetes application mobility and backup as easy as 1-2-3.

Kubernetes Migration Challenges

Supporting Kubernetes migrations (e.g., migrating applications from one Kubernetes cluster to another)  at scale is a critical need for organizations looking to benefit from all the operational, scale and security benefits we touched on earlier. Some of the key considerations that enterprise ops teams need to tackle when addressing this migration are listed below.

• Application as the Atomic Unit - An application’s Kubernetes resources are a dependency tree and it is the natural grouping. So when migrating applications running on OpenShift v3 to OpenShift v4, we need to treat the application as the unit of atomicity - including the application data across storage volumes, databases, and Kubernetes objects. 
• Transforms Across Infrastructure - When upgrading across OpenShift versions, you may also encounter changes in the underlying infrastructure across the old and new clusters. For a smooth migration, the applications need to be shielded from these changes. An example includes a storage type change from say SSD to a new storage system.
• Handle Environment Differences - Kubernetes upgrades can also result in environment differences across versions - for example, DNS names within the application may need to change. Again, we would like to shield the applications from needing to be rewritten or even be made aware of these changes.

The table below enumerates some examples of infrastructure and environment differences you may encounter as you migrate your Kubernetes applications. Consequently several dynamic transformations are required (and enabled with Kasten K10) across Kubernetes resources without requiring any development or code changes. 

It doesn’t end with upgrades - you need to Backup too!

While OpenShift provides resiliency and high availability, it is also critical to regularly backup your applications. Backups,  especially when done with automated policies, allow you to recover from situations such as application misconfigurations or malicious attacks like ransomware. Backing up your application periodically in a completely different fault domain provides a necessary layer of protection. Here are some of the key considerations for a good Kubernetes backup solution:

• DevOps and “Shift Left” - The DevOps philosophy adopted in parallel with Kubernetes cedes control over both infrastructure and deployments to the developer (known as “shift left”). Backup systems should not only integrate with the CI/CD tools the developers use, they must automatically detect and protect applications coming online. They should do this in a manner transparent to the developers and employ Kubernetes-native APIs that the developers are familiar with.
• Security - It is critical that a backup solution be Kubernetes-native and embed within the Kubernetes control plane. It is important to be able to provide fine-grained, role based and scoped access using the same roles and tools used by Kubernetes. Further, to work well with Kubernetes’ approach of delegating encryption to storage and backup platforms, the backup system needs to understand Kubernetes certificate management, work with storage-integrated Key Management Systems (KMSs), and support Customer Managed Encryption Keys (CMEKs) through the Kubernetes Secrets interface.
• Application Scale - A cloud native backup solution must be built to handle the millions of components found in large clusters and need to understand the relationships between applications, their data, and related Kubernetes state, and be able to consistently capture all of it together. Additionally, both Kubernetes and cloud-native applications must be architected to scale up (or down) in response to load.

Benefits of Kasten K10 and Red Hat OpenShift

Red Hat OpenShift along with Kasten K10 tackles all the challenges highlighted above in a very elegant fashion with the following approach. 

• Provide freedom of choice. The solution allows you to choose from a wide selection of infrastructure providers - on-premises and public clouds, SQL and NoSQL databases. OpenShift provides a consistent Kuberenetes platform and experience across private on-premises datacenters and public clouds including IBM Cloud, Amazon Web Services, Google Cloud Platform. Coupled with Kasten’s K10 Data Management Platform, this approach allows global application portability and protection policies without any development or application code changes. 

• Treat the application as the operational unit. This balances the needs of operations and development teams in cloud-native environments. Given the application focus of not just these groups but also the Kubernetes design philosophy, Kasten’s data management solution works with an entire application and not just the infrastructure or storage layers. This allows your operations team to scale by ensuring business policy compliance at the application level instead of having to think about the hundreds of components that make up a modern app. At the same time, working with the application gives your developers power and control when needed without slowing them down.

• Dynamic Transforms. Under the hood, Kasten K10 incorporates a powerful Application Transformation Engine that empowers the CloudOps teams to provide application portability benefits at a massive scale. Automation by leveraging easy to use UX, rich APIs and policies exposed by K10 allows for an extremely efficient DevOps approach.You can read more about the transform operations (including Test, Add, Copy, Move, Replace) and realize their power by referring to the K10 transform docs here.

• Security and automation are at the heart of the design. A production-ready data management solution needs to deliver robust operations-specific features, including everything from global visibility, monitoring, alerting, and auditing, to features such as compliance, RBAC, and deep data services integration. Further, it means having these features work at scale, not just across diverse environments, but also with PBs of data to optimize and deduplicate. Policy-driven automation capabilities let you set up custom and default policies to meet both your container storage and data management needs. The policies provide automated enforcement to help meet your SLA’s across thousands of applications.

• Certified Operator. Kasten and Red Hat worked together to certify and make K10 available on the Red Hat catalog. This gives enterprise teams the assurance that Kasten K10 itself is built and tested to exacting standards and  ready to deploy in your OpenShift environment. Additionally, security attributes highlighted earlier also extend into rigorous tests that the Kasten K10 container images adhere to. 

This brings together the best of Kubernetes from Red Hat OpenShift and cloud-native data management from Kasten. Enterprises can confidently accelerate their migration to OpenShift 4 at scale and then protect them on an on-going basis with Kasten’s policy-based approach to automation. If you are a Red Hat OpenShift customer with Kubernetes applications, this solution can now enable use cases such as:

• Scalable upgrade of applications from OpenShift v3.11 to OpenShift 4
• Easy backup/restore for your entire application stack to make it easy to “reset” your application to a good known state
• Disaster recovery of your applications in another cluster, region, or cloud

Show me an example?

Let’s take a real customer example to surface the benefits of the Kasten K10 and the Red Hat OpenShift solution. In this case, just 2 CloudOps team members from Sopra Steria (multi-billion dollar, IT services company in Europe)  migrated more than 170 applications that had been developed by 700 developers. 

In addition to a significant change in Kubernetes distributions (OpenShift v3.11 to OpenShift v4.3 across 5 Kubernetes releases), container runtimes (docker to cri-o), and container registries, the underlying storage also changed from a mix of EBS and an external Ceph cluster to EBS and a Kubernetes-native Ceph cluster administered via Rook. 

After the successful migration of these applications over a single weekend, K10 was then employed to provide continuous backup functionality. You can read and watch Sopra Steria presenting this solution by clicking on here.

Get Started Today!

Try the fully-featured and free Edition of Kasten K10 on Red Hat OpenShift today with this super-quick install in <10 minutes.

You can also learn more about:

• K10 by visiting the Kasten product page, reading the K10 datasheet and docs and contact via e-mail, web, twitter, or LinkedIn