This is the second half of a two-part series that discusses data mobility for cloud native environments via Red Hat OpenShift.
In Part 1 of this series, we explored the challenges associated with Kubernetes adoption and the difficulties and benefits that comes with opting for Red Hat OpenShift, a platform to help you build and deploy applications at scale on Kubernetes. Our adoption insights come from Jonathan Le Lous, CTO of cloud native infrastructure for Capgemini. With over 20 years of direct involvement in open source solutions and as a program committee member for the Linux Foundation, Le Lous embarked on his first OpenShift journey five years ago. He has since been actively involved in guiding numerous Capgemini customers in their transition to OpenShift.
In this blog — part 2 —we delve into data mobility and security, focusing on the selection of Kasten K10 for data protection features for stateful data and applications on Kubernetes. With its multi-cloud compatibility and Kubernetes-centric design, Kasten K10 addresses the increasing importance of protecting and securing your stateful application data. We will also emphasize the significance of having robust security and reliable automated protection for your stateful applications, based partially on Le Lous’s input.
What Happens to Data?
Application mobility can pose significant security, business, and financial risks if not implemented correctly. Through experience, enterprises often discover that their applications and data are susceptible to various issues when they attempt to port applications or clone clusters from one environment to another. Enterprises should therefore consider a cloud agnostic solution like Kasten K10, which allows them to move applications and data from one cloud to another easily and safely.
As Le Lous noted, backing up data and applications on Kubernetes is genuinely complex.
“I recall a client using Azure Kubernetes Service (AKS) for their Kubernetes, and when I inquired about their backup plan, they confidently replied, ‘For sure, we have it.’,” Le Lous said. “They explained that they rely on the native services available on Azure. “I pointed out that Azure lacks such services, and they should check the documentation. It’s not just having a backup plan since you need to build your plan and rely on your own resources. This is crucial.”
To maintain continuous 24/7 operations and enterprise-grade service level agreements (SLAs) on Kubernetes for Capgemini and its customers, having reliable backups with a DR plan and backup restore plan is essential.
“Without this in place, we cannot effectively execute our responsibilities, making it a critical aspect for us,” Le Lous said.
With OpenShift, Le Lous opted for Kasten K10 for backup and DR for Capgemini’s cloud native deployments and for its consulting clients, including AXA, a multinational France-based insurance provider and Ariel Mission Consortium.
Le Lous’ exclusive method for achieving multi cloud capabilities is implementing both Kubernetes and Kasten K10 for data mobility and security. In the case of AXA and Ariel, Kubernetes offers an open-source and standardized approach that can be applied universally.
“Kubernetes provides the same management API across different environments, allowing for flexibility without being tied to a specific cloud provider,” Le Lous said. “In this context, maintaining consistency on the data side is crucial and drives the need for backup and recovery. This is where Kasten K10 holds unique value by addressing two significant pain points in Kubernetes: Application backups and security.”
Managing data and applications in Kubernetes environments, especially amidst the transition to multi and hybrid cloud environments, is a big deal for users. The decision to shift from one cloud provider to another – such as moving from Google Cloud to Azure – or from the public cloud to on-premises – such as Google Cloud to OpenShift deployed in the customer datacenter — impacts data flow and is a common consideration to make. Navigating these choices only becomes more complex in the multi cloud landscape. Solutions like Kasten K10 can be instrumental in preserving the delicate balance between stateless and stateful data across various clouds and allow organizations to maximize their flexibility while minimizing their cloud spend. Therefore, it’s not merely about data management but about strategic decision-making in the intricate realm of multi cloud scenarios as well.
Indeed, the key to achieving multi cloud functionality lies in leveraging Kubernetes and the capabilities of a single data protection provider, which Kasten K10 is, according to Le Lous.
Currently, this approach is exemplified in Capgemini’s work with AXA.
“This substantial project emphasizes automation, and they are successfully implementing multi cloud solutions with Kubernetes,” Le Lous said. “In such endeavors, maintaining consistency on the data side is imperative, and backup and recovery measures become essential in ensuring data integrity. This is precisely why, in my view, Kasten holds unique value in this context. It addresses critical pain points in Kubernetes — backups and security.”
Security Concerns
In the era of cloud native computing, ensuring the security of your software supply chain becomes foundational, beginning from the early stages of development and extending throughout the entire life cycle of an application. The conventional approach of introducing security tests toward the end of development or production — or patching applications in operation — is now outdated.
Nevertheless, security teams still have the responsibility to monitor their platforms and ensure that running applications adhere to security and hardening requirements like they have in the past. However, many of the tactics and tools used are different for Kubernetes environments. At the same time, the landscape of potential attackers is continually shifting, which requires security teams to ensure that their security tools and processes can adapt to and address evolving threats.
Inadequate security measures can significantly impact businesses by causing delays in critical releases to address issues identified later in the software life cycle or overlooking fixes that were solely applied to running workloads. Similar to the pivotal role of automation in Kubernetes, security holds equal importance in securing the software supply chain. Effective practices should be continuous and incorporate security gates at various stages such as build, deploy, runtime processes, otherwise known as DevSecOps — including proper storage and DR.
“It’s not that Kubernetes is less secure — in fact, it’s quite secure out of the box,” Le Lous said. “The challenge lies in adapting your mindset regarding security since the traditional approach no longer suffices. Consequently, you need a proactive stance from the project’s inception, since relying solely on prevention is a recipe for failure, given the ingenuity of threat actors and the ever-evolving landscape of attacks.”
With its multi cloud compatibility, end-to-end encryption, and Kubernetes-centric design, Kasten K10 addresses the increasing importance of securing stateful application data by emphasizing the significance of robust security and reliable automated protection for cloud native applications. Security must be integrated into your project from the start, both for proper data protection and disaster protection. And because Kasten is itself cloud native, data protection policies can be implemented directly within pipeline automation. Whether it’s something as simple as taking a backup prior to a new release or ensuring that backup policies are implemented at the time of release, Kasten fully embraces and integrates with CI/CD pipeline automation. Additionally, since Kasten provides an SBOM with every release, customers can have the confidence and peace of mind that their cloud native data protection solution isn’t introducing unknown or insecure packages into their environments.
“It is worth noting that Kasten K10, combined with Red Hat Advanced Cluster Security (ACS) and Red Hat Advanced Cluster Manager (ACM), can provide enhanced visibility and proactive security posture management. Again, data protection is key for multi cloud Kubernetes environments, not only for security but for mobility, as described above.
“Strategic data holds immense significance for the long term — well beyond immediate concerns,” said Le Lous. “When dealing with sensitive data that spans multiple years, the challenge is not just about having the data; it is about seamlessly managing it across different cloud providers and having the freedom to do that. The data mobility that Kasten K10 offers is key. “
For more best practices about Kubernetes application mobility, download The Gorilla Guide to Kubernetes Native Application Mobility e-book.
