In this webinar, we will back-up many live workloads to the Cloudian Hyperstore from a Kubernetes environment running on a particular cloud. We will demonstrate the value of Cloudian’s WORM capabilities to show how workloads and their data can be protected from ransomware attacks. Later, we will recover workloads from the Cloudian HyperStore to another cloud vendor. We will also demonstrate streaming back-ups for use in cloud and hardware switch overs and other use cases.
Kubera from MayaData is the first solution to extend the per workload management of data offered by Container Attached Storage to back-ups and disaster recovery. Kubera is often used by small teams to establish and manage back-up policies whereby data is backed up to S3 compatible object storage. Kubera can also be used to provide a comprehensive view across all workloads of back-up and retention policies and to enable back-ground cloud migration and disaster recovery.
Unlocking the Future of AI Agents with Large Language Models
Webinar: Data Protection for Kubernetes
1. Data Protection for
Kubernetes with Kubera
• Kubernetes Data Management
• Built on Kubernetes for Kubernetes
• A complete solution for data protection on
Kubernetes
CNCF Webinar
Aug 6, 2020
1
2. Your Presenters
Follow #OpenEBS channel on Kubernetes Slack
https://kubernetes.slack.com/messages/openebs/
@muratkarslioglu @SanjaysViews @ivishnuvardhan
Sanjay Jagad
Sr. Director of Products
and Solutions
Cloudian
Vishnu Itta
Director of
Engineering
MayaData Inc
Murat Karslioglu
VP of Products
MayaData Inc
murat vitta
3. Data On Kubernetes Community (DOKC)
DOKCs is an openly governed and self-organizing group of
curious and experienced operators and engineers concerned
with running data-intensive workloads on Kubernetes.
This week on DOKC:
Practical look running distributed SQL
on K8s using YugabyteDB
PLEASE REGISTER at https://go.dok.community/register
4 | Container Attached Storage
Demetrios
Brinkmann
https://dok.community/
Next meetup will be held as a
virtual meetup on Aug 11th and
will feature Ren Lee, SRE, Arista.
4. Agenda
● Creating Backup & DR Strategies for Kubernetes
● MayaData & Cloudian Data Agility Vision
● Demo:
○ Granular workload backup to Cloudian Hyperstore
○ Migration of workload across clouds and storage vendors
● K8s as Data Layer - Kubera
● Q and A
5 | Container Attached Storage
5. Measuring Data Agility
2-5x faster in developing
services, apps & product development
Platform SRE at Tier One bank
“Our dev teams love OpenEBS -
especially LocalPV - and Kubera
is increasingly used by my
team”
K8s engineer at large retailer
“Our clusters last < 3 days. This made
stateful workloads on nodes very
difficult until OpenEBS & Kubera.”
6 | Container Attached Storage
6. MayaData Confidential
● Conway’s Law
○ Small teams
○ Small workloads
○ Loosely coupled
● Different engines per
workload & per team
● Operations - automated
● K8s as data layer
● 24 / 7 support
● SaaS & on premises
● Any Kubernetes
● 100% user space
Kubera & OpenEBS
7. Kubera = Kubernetes as your data layer
Policy and environment based
application granular placement of PVs
Policy based storage
Management of data ACLs.
Compliance & Governance
Application and data availability.
Backup and DR
Anomaly detection and proactive config
optimization optimized for data
Monitoring & Actions
Kubernetes APIs
Stateful Applications
Azure
AKS
Amazon
EKS
Google
GKE
VMware
Tanzu
D2IQ
Konvoy
Kubernetes without OpenEBS & other
extensions limited in data capabilities
Kubernetes
8 | Container Attached Storage
8. Kubera = Kubernetes as your data layer
Policy and environment based
application granular placement of PVs
Policy based storage
Management of data ACLs.
Compliance & Governance
Application and data availability.
Backup and DR
Anomaly detection and proactive config
optimization optimized for data
Monitoring & Actions
Kubernetes APIs
Stateful Applications
Azure
AKS
Amazon
EKS
Google
GKE
VMware
Tanzu
D2IQ
Konvoy
Kubernetes without OpenEBS & other
extensions limited in data capabilities
Kubernetes
9 | Container Attached Storage
9. WORM for
Regulatory
Compliance
db1
db2
Redis
Micro service 1
Micro service 2
UI
REST API
CACHE service
db n
● CSI provisioned S3 buckets on Cloudian
HyperStore for cloud native apps
● Seamless integration with Cloudian
HyperStore via S3-APIs for Data
protection
● Encryption, WORM and Secure multi-
tenancy
● Per workload storage, Backup and
Management
CSI
S3 Operator
Kubera
Analytics Data Viz Logging
Migration Compliance
Cloud Native App
Cloudian HyperStore for Cloud Native Apps
10 | Container Attached Storage
11. Challenges with Data Protection and Security
• Ensure access control to data and records
• Govern user access rights
• Comply with regulations and legal requirements, e.g., GDPR and privacy,
HIPAA and healthcare, Financial Services, …
• Protect data from alteration and theft
• Ensure integrity of data and changes
12 | Container Attached Storage
12. Why Customers Choose Cloudian
13 | Container Attached Storage
Highest S3 API
compatibility
Data protection
built-in, replication,
striping
File and object
storage
Hybrid / multi-
cloud ready
Granular
management,
bucket level
Up to 14 nines
data durability
_
2
1
Cloud-like
cost
GB/
mo.
Start small and
grow
Object Lock for
immutable
storage
13. Providing Secure Storage
HyperStore Software Defined Storage
Secure Data
(AES-256 encrypted)
CPU Disks Network
Access Controls
(User/Group ACLs)
RBAC User Security
Data Validation
(Checksum on read)
Audit logging
(activity logs)
Versioning
(Optional versioning)
Network Security
(TLS or SSL support)
WORM
Secure Data
• Restrict access to need-to-know RBAC / ACLs
• Write Once Read Many (WORM) protection
• Open APIs to access data and records and download as
needed
• Secured certificate based user access
• Locality control to data center and regions
• Secure networks – https/TLS (next gen SSL)
• Comprehensive Audit logging for all activity
• FIPS 140-2 and CC (efforts are underway)
• AES 256-bit Encryption at-rest, and in-flight
• Versioning to maintain all versions of records
• Automatically verify records with hash-based checksums of
all data across nodes
14. How Cloudian is Different
15 | Container Attached Storage
- No lock-in:
- S3 API-driven for application portability
- Use all management environments built
for S3 API
- Grow without Complexity:
- Traditional apps + Kubernetes
in shared environment
- Hybrid-cloud ready
- Enterprise-grade:
- Security + resilience is built in
Traditional
Applications
Private
Cloud
Public
Cloud
15. Uncertain times are fertile ground for malicious actors
16 | Container Attached Storage
17. Kubernetes cloud native backup
● Multi-cloud or hybrid-cloud
○ Stateful applications need to be agile
● Kubernetes or application upgrades
● Disaster recovery (RTO/RPO)
● Simple backup and restore
18 | Container Attached Storage
18. The Cloudian + MayaData Advantage
19 | Container Attached Storage
● Granular cloud native workload and data protection
● Enabling DR and on-demand capacity expansion
● All (local and cloud native) storage environments managed as one
● Object Storage Data Protection
○ Erasure Coding
○ Data Replication
● Data / Content Security
● Regulatory Compliance
Secure Storage for Kubernetes Workloads