By: Michael Cade, Senior Technologist Product Strategy at Veeam Software
One of the ever more popular topics in information technology (IT) are container systems, such as Kubernetes. Increasingly, decision-makers at companies of all sizes cannot avoid asking themselves whether containers should be integrated into their own IT infrastructure. At the same time, VMware’s Kubernetes Report 2021 says that Kubernetes is already being used more widely, but at the same time there is a lack of expertise and the necessary security. Reason enough to take a closer look at important questions around Kubernetes – especially from a data protection perspective.
Integral part of hybrid and multi-cloud infrastructures?
In the networks of many corporations and long-established companies, containers do not yet exist, or have only existed for a short time. They were not part of the traditional network structures based on a data centre. However, neither are they an integral part of modern multi-cloud environments or hybrid solutions – they just fit in very well. It is similar to virtualisation: this also started as a trend that not every company had to take up and therefore not all did – only early adopters integrate technology from the beginning. But 20 years later, it seems, a large proportion of all companies have virtualised a high number of workloads.
Kubernetes is now acting as a management platform for containers and interestingly, established and regulated industries like banking and financial services show greater interest and are early adopters of this technology, while other industries are still observing and evaluating the pros and cons. The latter first look at what this is all about, whether it can be incorporated into their networks and be useful at all to gain an advantage in the market. On the side, however, these entrepreneurs are busy with other trends that they need to take a closer look at, such as Cloud Infrastructure-as-a-Service.
Compatible with the runtime environments?
Of course, the question immediately arises as to whether Kubernetes and the virtualisation software are compatible. First, let’s set the record straight about exactly what we are talking about: Kubernetes is an orchestration system for containers; Docker for example, is for now the most common container runtime. The containers created in Docker can each exist and be worked on separately. Developers can manage them individually and do not necessarily need a higher-level solution to manage them. But with the number of containers, the complexity grows, and the overview is lost. To keep this effort small and as clear as possible, a central administration point must be set up – and this is where Kubernetes comes into play. The software keeps an eye on everything and ensures, for example, that payloads are distributed dynamically and sensibly to the containers to guarantee the availability of a service and ensure that it can meet all requirements. Kubernetes is thus an orchestration for Docker and accordingly, a connection between the two is not only possible but desirable.
New security vulnerabilities in sight?
Kubernetes does not change the threat landscape. It does not close security gaps but requires the same Modern Data Protection as any other type of data. Formerly, we just saved everything, then with virtualisation, we selected what to protect and how often. Today, we move forward with containers that sometimes only last for minutes or hours, other than Virtual Machines that can have a lifetime of months. Kubernetes.io provides in-depth documentation that focuses on the “Four Cs” of cloud-native security: Code, Container, Cluster, Cloud/Corporate Data Centre. It states that each layer of the cloud-native security model builds on the previous one. Accordingly, the coding layer (code layer) benefits from a strong foundation at the cloud, cluster, and container level. So, if weak IT security standards apply there, the difficulties cannot be solved at the coding level. Each level must therefore be a strong foundation in itself. Kubernetes simply comes in here as the orchestrator of the containers.
What is becoming important, however, is data protection itself, for example backup and replication. The pioneers of Kubernetes and containers often complain about a lack of data security and data management in relation to the new environments. This is because the infrastructure is now closer to the applications with the help of containers, and data backup must be carried out differently accordingly. There are already coming up the stateful workloads instead of the stateless ones common in container environments and there is an increase of data service deployed right inside the Kubernetes cluster. Other tools from outside, like Amazon Relational Database Service (AWS RDS), can be connected to applications which are running within Kubernetes. This changes the way of the data protection. The Veeam Cloud Protection Trends Report 2021 shows that we are in a transition, because 46 percent of SaaS- and PaaS admins said that their information from stateful application is being saved separately, while 32 percent of the IaaS admins said that their container architecture has been built for long lifetime and therefore they need no backup. On the other hand, 14 percent of Backup administrators do not have a backup-solution for Containers, yet, but are searching.
Over the last 15 years, the focus has been on protecting data in virtualised environments, but container environments are not virtual machines. Backup works differently. At the same time, the administrator is busy with the applications and their platforms, taking on a kind of DevOps role. This is where specialised solutions for data management, data backup and recovery come into play, such as those already offered by Kasten by Veeam, which are designed to deal with Kubernetes and container environments of all kinds, including Docker. It is important to consider the specifics of these new types of environments, such as the ephemeral nature of many containers and their micro-functions, or the integration into cloud, multi-cloud, or hybrid IT infrastructures.
Kubernetes on the rise?
The analysts at ESG published a report in September 2020 called Data Protection Trends and Strategies for Containers, which summarizes the results of a survey of 334 enterprise IT professionals from the United States and Canada. When asked about their use of containers, 67 percent said they use them for production-related applications. This statement underscores the increasing adoption and integration of containers into systems and networks, and this trend will continue over the next two years. VMware’s report, The state of Kubernetes 2021, looks similar: 65 percent of the participants already use Kubernetes within their production. In the year 2020, only 59 percent said so. Ninety-eight percent also said that they are seeing great advantages in the implementation of Kubernetes. Of course, finding trained personnel is the big issue now for those companies.
With the rise of containers, Kubernetes will then also increasingly enter the scene to manage the new environment well. Kubernetes will probably start this triumphant march with startups and large corporations first, because the former can build their networks and accordingly incorporate the new technology immediately, while the latter have the necessary money and personnel to successfully incorporate the new technology. What the GigaOM Radar for Kubernetes Data Protection study highlights is that some management solutions, like Kasten by Veeam K10, already exist to ensure the protection of Kubernetes infrastructure from the very beginning of its incorporation. Furthermore, they can also orchestrate virtual machines and cloud workloads. So, for most entrepreneurs, the question is no longer if they should use containers and orchestration tools, but which one, because the advantages of this new technology are now easily seen.