Brought to you by:
Enterprise Strategy Group  |  Getting to the Bigger Truth™

ESG TECHNICAL REVIEW

Manage and Protect Kubernetes with Kasten by Veeam

By Craig Ledo, IT Validation Analyst; and Vinny Choinski, Senior Analyst
MARCH 2022

Abstract

This report documents the results of a detailed ESG review of Kasten by Veeam. The intent of the report is to demonstrate the granular and comprehensive functionality the solution provides for data protection and data management of applications in Kubernetes environments.

The Challenges

Organizations are quickly adopting the use of containers in their cloud environments. Containers require fewer system resources than virtual machine environments since they don't include operating system images and are faster, more lightweight, and easier to manage and automate than virtual machines. Kubernetes is being widely used for container orchestration, automating application deployment, scaling, and management. However, modern application environments, driven by containers and orchestrated by Kubernetes, present some unique challenges, especially when it comes to managing and protecting Kubernetes environments.
As illustrated in Figure 1, ESG asked organizations what their biggest challenges were for managing backup and recovery of container-based applications, and 44% identified managing hybrid environments as one of the biggest challenges, with 39% identifying managing backup and recovery of container-based application across multiple clouds as also among their biggest challenges.
Figure 1. Top Five Backup/Disaster Recovery Challenges for Container Environments

What are your biggest challenges related to managing backup/disaster recovery for container environments? (Percent of respondents, N=334, three responses accepted)

Source: Enterprise Strategy Group

The Solution: Kasten K10 Platform for Kubernetes

Kasten K10 is an easy-to-use, scalable, and secure system for backup and restore, disaster recovery, and mobility of Kubernetes applications. Kasten K10 is purpose-built for Kubernetes with an application-centric approach and deep integrations with relational and NoSQL databases and Kubernetes distributions, whether on-premises or in the public cloud. This application leverages native Kubernetes APIs and includes features such as full-spectrum consistency, database integrations, automatic application discovery, multi-cloud mobility, and a powerful, intuitive web-based user interface. As shown in Figure 2, Kasten K10 provides strong support for data services, Kubernetes distributions, and a wide array of storage Infrastructure.
Figure 2. Kasten for Kubernetes Overview

Source: Enterprise Strategy Group

Kasten K10 delivers clear advantages to DevOps teams, including these key benefits:
Built for Kubernetes: Kasten K10 is constructed using cloud-native architectural principles, such as desired-state outcome, with an operator-based declarative model.
End-to-end security: Kasten K10 provides comprehensive end-to-end security via enterprise-grade encryption, IAM roles, RBAC, OpenID Connect, ransomware protection through data immutability, and more.
Automatic application discovery: Kasten K10 automatically discovers all applications running on clusters and all internal states.
Advanced management interface: Kasten K10 integrates monitoring, management, and alerts for all Kasten K10 data management actions.
Rich backup policies: Kasten K10 automates data management workflows with powerful policy-based actions.
Easy to use: Kasten K10 is quick to deploy and easy to use via a state-of-the-art management interface or a cloud-native API with the versatility to accommodate complex applications easily.
Simple installation: Kasten K10 is available on all major cloud provider marketplaces and installs via a single helm command.
• Broad ecosystem: Kasten K10 provides extensive support for ecosystem components across the entire application stack, enabling users to pick the best-of-breed tools or infrastructure solutions most suitable for the job.

ESG Validated

ESG validated Kasten K10 for Kubernetes with a focus on its easy and intuitive management and the simple, clear processes involved in configuring the solution to provide comprehensive data and application backups, restores, and data management of resources in a Kubernetes environment at scale.

Distributed Cloud Data Management

With Kasten K10, organizations can protect and manage containers natively in existing Kubernetes clusters. Applications deployed on a cluster are automatically discovered. This includes containers spanning across storage volumes, databases (NoSQL/Relational), and configuration data included in Kubernetes objects such as config maps and secrets. As shown in Figure 3, Kasten K10 displays the status of each application in the cluster. Here, applications are classified as compliant, non-compliant, or unmanaged, giving users insight into the state of applications within the cluster and enabling them to apply policies and run backups on the applications. The lower graph shows the backup activities as running, completed, or failed.
Figure 3. Cluster Status Overview

Source: Enterprise Strategy Group

Backup Policy
Policies are used to automate data management and data protection workflows. To apply policies, users first need to understand what applications are running in a cluster. Once applications are discovered, they can apply a backup policy. On the far-left side of Figure 3, all applications in a cluster are displayed whether they are currently managed by Kasten K10 or not. In the middle of Figure 3, information about the policies is shown. On the far-right side of Figure 3, information about the total backup data is shown, including snapshots and object storage used.
In policies, users can set attributes like data retentions and storage locations, such as a yearly backup with a 7-year snapshot retention, and a target export location profile, such as an S3 bucket. Then, each time they take local snapshots, the system automatically performs exports to the external locations. This ensures that if there is a local failure, organizations have full backups in remote locations to recover from.
Once created, users can manually run the backup. These are the steps to execute if users wanted to perform data migrations and run the backups to the migration locations. By associating applications with policies, users can scale the operational workflows for their backup and application mobility needs with no manual intervention.
When setting up backup policies, users can set the frequencies to be hourly, daily, weekly, monthly, or yearly with granular snapshot retention options to meet their organizations’ security and corporate governance policies. Should a recovery be needed, organizations can roll back to any available snapshot.
Figure 4. Backup Policy Management

Source: Enterprise Strategy Group

With Kasten K10, the process is to take a local snapshot of the data from managed and unmanaged applications in the form of a backup using the established backup policies. Through policy management, the backup is then exported to a remote location using the export functionality. Both functions are shown in Figure 5. The remote location can be any public cloud such as AWS, Azure, Google, or a private cloud location.
Should recovery be needed, data can be recovered based on a date and time restore point back to the local system from the cloud location. Organizations may have many snapshots and recovery points to choose from. In the event of a ransomware attack or virus, users can roll back to the last point and time before the attack with the assurance that the backup stayed tamper-proof to ransomware. Both primary cloud locations and secondary locations can be established and used as remote locations for backup and recovery. For example, an organization might run production on Azure and export backups to AWS, which uses their version of Kubernetes called EKS, to Google Cloud, or to a private data center.
Figure 5. Distributed Cloud Backup and Recovery

Source: Enterprise Strategy Group

The graphical user interface makes it simple for an operator to establish policies, execute backup and exports, and recover data when needed. This eliminates the need for senior level technical management to perform these functions and frees up resources for higher value projects.

Why This Matters

Kubernetes stores application data as well as mission-critical business data and components such as nodes, pods, and containers. This can create real challenges for organizations to deliver reliable and consistent backups without the need for Kubernetes containerized applications, especially in hybrid cloud environments. Organizations also need to understand the importance of having application-consistent backups. This too can be difficult, if not impossible, to achieve without software automation because a process of some kind must inform the application that a backup is about to take place to allow the application to achieve a quiescent and consistent state by flushing any pending I/O operations to disk.
ESG confirmed that Kasten K10 provides visibility of the cluster with full automated discovery of all applications within the cluster, as shown in Figure 3. Backup policies can then be established, as shown in Figure 4, to meet security and corporate governance requirements. For resiliency, backups can be exported to one or more remote locations with granular policy configuration options. Also, as shown in Figure 5, organizations can then recover to any recovery point across any cloud with application consistency and data resiliency.
Usage & Reports – Cluster Reports
The Kasten K10 cluster reports, as shown in Figure 7, provide a simple way to get aggregate and real-time status of critical parameters, including the total number of clusters, policies, applications, and more. Additionally, users can see global policies and selectively apply them to their cluster groups to simplify the management of backups at scale through automation. By clicking on the date for each cluster report, users can explore all the details behind a report.
Figure 7. Usage & Reports – Cluster Reports

Source: Enterprise Strategy Group

Usage & Reports - Data Usage
Data usage reports, as shown in Figure 8, show the total amount of snapshot data on the top left and the actual amount of object storage used below it. The graphs allow users to view backup history, look for spikes in the backup trend, and narrow activities down to week, day, or hour views. This helps to identify anomalies in the backup data. One example of an anomaly is a ransomware attack. The encryption from a ransomware attack usually shows as more data being sent or stored than what was expected.
Figure 8. Usage & Reports – Data Usage

Source: Enterprise Strategy Group

Why This Matters

An immutable backup means that data is tamper-proof. Once an organization has stored an immutable backup, it cannot be altered or changed. This is specifically important when it comes to cyber-attacks such as ransomware. If a backup is immutable, then it is impervious to new ransomware infections. Having an immutable backup is important to any organization that needs to ensure that it has a copy of data that is always recoverable and secure from undesired and malicious issues.
ESG validated that Tenable.cs can help support DevOps and DevSecOps in uncovering security gaps within IaC by continuously monitoring how code is developed, integrated into existing code bases, and released. We saw how Tenable.cs helped to conduct infrastructure scans throughout the development lifecycle in order to catch and remediate security gaps. We observed how the platform can scan infrastructure against any number and type of policy and cloud resources configuration best practice, then generate appropriate fixes to be applied manually or automatically. We also validated how Tenable.cs can integrate with CI/CD tools to locate and remediate vulnerabilities during code integration and build.

The Bigger Truth

Some of the benefits of Kubernetes include increased agility, faster software development, the ability to manage multiple cloud environments, and support for all container runtimes. Containers, especially in development ecosystems, have become enabling components for many digital transformation initiatives. But many organizations are still facing roadblocks as they attempt to make the best use of this high-powered technology. One major challenge is protecting these types of environments since Kubernetes and containerized applications are not only storing simple container configuration information but also real-time business data on many stateful components running within containerized environments.
Achieving application-consistent backups manually is nearly impossible, and organizations need automated solutions like Veeam’s Kasten K10 for Kubernetes. Advanced functions such as immutability, ransomware protection, multi-cloud backup, and recovery are all part of a complete data protection solution, which Kasten K10 delivers for Kubernetes.
ESG’s technical review of Kasten K10 shows it to be a feature-rich, easy-to-use solution that eliminates the guesswork from protecting Kubernetes environments. If you are looking to manage and protect a Kubernetes environment, ESG recommends considering Kasten K10 by Veeam to provide comprehensive data and application backups, restores, and data management.

This ESG Technical Review was commissioned by Veeam and is distributed under license from ESG.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Enterprise Strategy Group | Getting to the Bigger Truth™

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.