In this webinar, we will back-up many live workloads to the Cloudian Hyperstore from a Kubernetes environment running on a particular cloud. We will demonstrate the value of Cloudian’s WORM capabilities to show how workloads and their data can be protected from ransomware attacks. Later, we will recover workloads from the Cloudian HyperStore to another cloud vendor. We will also demonstrate streaming back-ups for use in cloud and hardware switch overs and other use cases. Kubera from MayaData is the first solution to extend the per workload management of data offered by Container Attached Storage to back-ups and disaster recovery. Kubera is often used by small teams to establish and manage back-up policies whereby data is backed up to S3 compatible object storage. Kubera can also be used to provide a comprehensive view across all workloads of back-up and retention policies and to enable back-ground cloud migration and disaster recovery.

1. Data Protection for
Kubernetes with Kubera
• Kubernetes Data Management
• Built on Kubernetes for Kubernetes
• A complete solution for data protection on
Kubernetes
CNCF Webinar
Aug 6, 2020
1

2. Your Presenters
Follow #OpenEBS channel on Kubernetes Slack
https://kubernetes.slack.com/messages/openebs/
@muratkarslioglu @SanjaysViews @ivishnuvardhan
Sanjay Jagad
Sr. Director of Products
and Solutions
Cloudian
Vishnu Itta
Director of
Engineering
MayaData Inc
Murat Karslioglu
VP of Products
MayaData Inc
murat vitta

3. Data On Kubernetes Community (DOKC)
DOKCs is an openly governed and self-organizing group of
curious and experienced operators and engineers concerned
with running data-intensive workloads on Kubernetes.
This week on DOKC:
Practical look running distributed SQL
on K8s using YugabyteDB
PLEASE REGISTER at https://go.dok.community/register
4 | Container Attached Storage
Demetrios
Brinkmann
https://dok.community/
Next meetup will be held as a
virtual meetup on Aug 11th and
will feature Ren Lee, SRE, Arista.

4. Agenda
● Creating Backup & DR Strategies for Kubernetes
● MayaData & Cloudian Data Agility Vision
● Demo:
○ Granular workload backup to Cloudian Hyperstore
○ Migration of workload across clouds and storage vendors
● K8s as Data Layer - Kubera
● Q and A
5 | Container Attached Storage

5. Measuring Data Agility
2-5x faster in developing
services, apps & product development
Platform SRE at Tier One bank
“Our dev teams love OpenEBS -
especially LocalPV - and Kubera
is increasingly used by my
team”
K8s engineer at large retailer
“Our clusters last < 3 days. This made
stateful workloads on nodes very
difficult until OpenEBS & Kubera.”
6 | Container Attached Storage

6. MayaData Confidential
● Conway’s Law
○ Small teams
○ Small workloads
○ Loosely coupled
● Different engines per
workload & per team
● Operations - automated
● K8s as data layer
● 24 / 7 support
● SaaS & on premises
● Any Kubernetes
● 100% user space
Kubera & OpenEBS

7. Kubera = Kubernetes as your data layer
Policy and environment based
application granular placement of PVs
Policy based storage
Management of data ACLs.
Compliance & Governance
Application and data availability.
Backup and DR
Anomaly detection and proactive config
optimization optimized for data
Monitoring & Actions
Kubernetes APIs
Stateful Applications
Azure
AKS
Amazon
EKS
Google
GKE
VMware
Tanzu
D2IQ
Konvoy
Kubernetes without OpenEBS & other
extensions limited in data capabilities
Kubernetes
8 | Container Attached Storage

8. Kubera = Kubernetes as your data layer
Policy and environment based
application granular placement of PVs
Policy based storage
Management of data ACLs.
Compliance & Governance
Application and data availability.
Backup and DR
Anomaly detection and proactive config
optimization optimized for data
Monitoring & Actions
Kubernetes APIs
Stateful Applications
Azure
AKS
Amazon
EKS
Google
GKE
VMware
Tanzu
D2IQ
Konvoy
Kubernetes without OpenEBS & other
extensions limited in data capabilities
Kubernetes
9 | Container Attached Storage

9. WORM for
Regulatory
Compliance
db1
db2
Redis
Micro service 1
Micro service 2
UI
REST API
CACHE service
db n
● CSI provisioned S3 buckets on Cloudian
HyperStore for cloud native apps
● Seamless integration with Cloudian
HyperStore via S3-APIs for Data
protection
● Encryption, WORM and Secure multi-
tenancy
● Per workload storage, Backup and
Management
CSI
S3 Operator
Kubera
Analytics Data Viz Logging
Migration Compliance
Cloud Native App
Cloudian HyperStore for Cloud Native Apps
10 | Container Attached Storage

10. Robust
Firewall
Backup
Management
Security
Awareness
Training
• Novel phishing attacks
• Security fatigue
• Bad actors
Can be compromised
eventually Backups are the
first target
Data is encrypted here,
preventing recovery
Backup
Storage
Data Protection in Uncertain Times
11 | Container Attached Storage

11. Challenges with Data Protection and Security
• Ensure access control to data and records
• Govern user access rights
• Comply with regulations and legal requirements, e.g., GDPR and privacy,
HIPAA and healthcare, Financial Services, …
• Protect data from alteration and theft
• Ensure integrity of data and changes
12 | Container Attached Storage

12. Why Customers Choose Cloudian
13 | Container Attached Storage
Highest S3 API
compatibility
Data protection
built-in, replication,
striping
File and object
storage
Hybrid / multi-
cloud ready
Granular
management,
bucket level
Up to 14 nines
data durability
_
2
1
Cloud-like
cost
GB/
mo.
Start small and
grow
Object Lock for
immutable
storage

13. Providing Secure Storage
HyperStore Software Defined Storage
Secure Data
(AES-256 encrypted)
CPU Disks Network
Access Controls
(User/Group ACLs)
RBAC User Security
Data Validation
(Checksum on read)
Audit logging
(activity logs)
Versioning
(Optional versioning)
Network Security
(TLS or SSL support)
WORM
Secure Data
• Restrict access to need-to-know RBAC / ACLs
• Write Once Read Many (WORM) protection
• Open APIs to access data and records and download as
needed
• Secured certificate based user access
• Locality control to data center and regions
• Secure networks – https/TLS (next gen SSL)
• Comprehensive Audit logging for all activity
• FIPS 140-2 and CC (efforts are underway)
• AES 256-bit Encryption at-rest, and in-flight
• Versioning to maintain all versions of records
• Automatically verify records with hash-based checksums of
all data across nodes

14. How Cloudian is Different
15 | Container Attached Storage
- No lock-in:
- S3 API-driven for application portability
- Use all management environments built
for S3 API
- Grow without Complexity:
- Traditional apps + Kubernetes
in shared environment
- Hybrid-cloud ready
- Enterprise-grade:
- Security + resilience is built in
Traditional
Applications
Private
Cloud
Public
Cloud

15. Uncertain times are fertile ground for malicious actors
16 | Container Attached Storage

16. MayaData Confidential
https://thenewstack.io/cloud-native-backups-disaster-recovery-and-migrations-on-kubernetes/
Blogs and newstack articles
https://blog.mayadata.io/kubera-mayadatas-unique-cloud-native-approach-to-back-ups

17. Kubernetes cloud native backup
● Multi-cloud or hybrid-cloud
○ Stateful applications need to be agile
● Kubernetes or application upgrades
● Disaster recovery (RTO/RPO)
● Simple backup and restore
18 | Container Attached Storage

18. The Cloudian + MayaData Advantage
19 | Container Attached Storage
● Granular cloud native workload and data protection
● Enabling DR and on-demand capacity expansion
● All (local and cloud native) storage environments managed as one
● Object Storage Data Protection
○ Erasure Coding
○ Data Replication
● Data / Content Security
● Regulatory Compliance
Secure Storage for Kubernetes Workloads

19. Multi-cloud / Hybrid-cloud

20. Multi-cloud / Hybrid-cloud
EKS
On-Prem
GitLab hybrid cloud deployment
21 | Container Attached Storage

21. Multi-cloud / Hybrid-cloud
EKS
On-Prem
GitLab hybrid cloud deployment
22 | Container Attached Storage

22. Kubernetes or application
upgrades

23. Kubernetes or application upgrades
K8s 1.14
v1.3
24 | Container Attached Storage

24. Kubernetes or application upgrades
K8s 1.14
v2.2
K8s 1.18
v2.5
25 | Container Attached Storage

25. Disaster Recovery

26. Disaster Recovery
GKE
Gitaly
Gitaly
27 | Container Attached Storage

27. Disaster Recovery
GKE
Gitaly
Gitaly
28 | Container Attached Storage

28. Simple backup/restore

29. Simple backup/restore
Gitaly
30 | Container Attached Storage
On-Prem

30. Simple backup/restore
Gitaly
Gitaly
31 | Container Attached Storage
On-Prem

31. DEMO

32. Kubera = Multicloud Data Agility toolset
https://account.mayadata.io/login
● Off-cluster Log Storage ● Turn K8s into data layer
● Visualize and Monitor
Kubernetes Topology
● Data Protection & DR
33 | Container Attached Storage

33. MayaData Kubera
Unlimited Team
Management
OpenEBS
Litmus
Many more
CNCF
projects ...
Automated
Deployment
Provisioning,
configuration
templates
Bug fix
supportTopology
Views
Long life
support
Application
discovery
CPU and I/O
performance
budgeting
Unlimited
Alerting
Managed
resilience
SLAs
1yr log
retention
Performance
monitoring
Adaptive
Backup and
Restore
Advanced
Anomaly
Detection
Granular
visualization
Advanced
compliance
Adaptive Cost
Management
Capacity
reporting
Workload
Backup
AI OpsPre-flight
check
Active
Health
Check
ChatOps
K8s Data
Management
Mutl-vendor
Data
Management
CSI Lifecycle
Management
Guided
Benchmark
Advanced
Workload
Back-up
GitOps
Managed
Backup
OnPrem
Air
Gapped
AD
Authentication
Proactive
DR
Chaos
Engineering
Workload
Lifecycle
Management
Open Source
Kubera BASIC
Kubera STANDARD
Kubera ENTERPRISE
34 | Container Attached Storage

34. We will be at KubeCon!
35 | Container Attached Storage