Scribd
Upload
12 views

How To Future Proof Your Kubernetes Data

Uploaded by

Zaharije Orfelin
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
12 views

How To Future Proof Your Kubernetes Data

Uploaded by

Zaharije Orfelin
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

Veeam Kasten V7.

0
What’s New

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
• Post your questions in
GoTo “Questions” at

Welcome any time


• Slides & recording will
be shared via email
• Share your feedback
in the survey

©©2024
2023Veeam
2024 VeeamSoftware.
Software.Confidential
Confidentialinformation.
information.All
Allrights
rightsreserved.
reserved.All
Alltrademarks
trademarksare
arethe
theproperty
propertyof
oftheir
theirrespective
respectiveowners.
owners.
Welcome • What We Do
• V7.0 Features & Demos
• Live Q&A

©©2024
2023Veeam
2024 VeeamSoftware.
Software.Confidential
Confidentialinformation.
information.All
Allrights
rightsreserved.
reserved.All
Alltrademarks
trademarksare
arethe
theproperty
propertyof
oftheir
theirrespective
respectiveowners.
owners.
We keep your business running

Backup Disaster Application Ransomware


& Restore Recovery Mobility Protection
Protect your Securely replicate Move between Protect your
Kubernetes applications your backups to clouds and on- Kubernetes platform
and data another site premises clusters from cyberattacks

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Introducing Veeam Kasten V7.0
Continuous, fast paced innovation

Nov 2022 Jun 2023 Nov 2023 May 2024

5.5 6.0 6.5 7.0

• Intelligent Job Staggering • VBR Integration • Multi-app Restore


• Backup Windows • Transform Library • IronBank
• Policy Presets • Blueprint Bindings • SBOMs Cyber Resilience
• OpenShift Virtualization • Multi-cluster License • Blockmode Datamover &
• IPv6 Management EBS CBT
• Datadog SIEM Enterprise Solutions

and more!

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Cyber Resilience Enterprise Solutions
Public Sector Cloud Native and VMs

Kasten • FIPS 140-3 Inside • OpenShift Advanced Cluster


Management integration

V7.0
Ransomware Protection • OpenShift container image
• Azure Blob protection
• Block-mode backups • Efficient K8s VM backups
• Immutable RestorePoint visibility
Cloud Transactability
What’s New SIEM Integrations • Azure Container Marketplace
• Azure Sentinel
Recovery Focused
Deployment • K10 DR performance
• Secure authentication • VBR Instant Recovery
• In-place volume cloning

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Cyber
Resilience Veeam Kasten V7.0
Supporting Enterprise & What’s New
Public Sector

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Cloud-native Security with Kasten
Imperative for Kubernetes deployments at Scale

•Govern •Identify •Protect •Detect •Recover


• SBOM • Application Discovery • Authentication & RBAC • Monitoring & Alerting • Application Restore
• Iron Bank & Compliance • Policy-based Backup • Event Auditing • Disaster Recovery
• Immutability • Repository Tampering • Application Mobility
• Always-on Encryption • SIEM Integrations • Veeam Instant Recovery
• Air-gapped Install • 3rd Party Threat Detection
• Admissions Control

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Industry’s first Kubernetes-native data
protection supporting FIPS-enabled clusters

Kasten with Kubernetes-native


data protection built on

FIPS 140-3 Red Hat UBI image

OpenSSL
initializes in FIPS Mode

FIPS Compliant with FIPS Detection


OpenShift & Initialization

RHEL kernel boots OpenShift


into FIPS Mode Cluster

As of March 2024: this slide contains forward looking statements.


© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Already supported:
• AWS S3
• S3-Compliant with Object
Locking

Immutable What’s New?


Azure Blob Immutability
Backups • Ideal for AKS & ARO backups
• Configure retention directly
through Kasten UI

Expanding ransomware Block Mode Volumes


protection • Supported across all immutable
Location Profile types
• Critical for KubeVirt VMs and
other high performance
workloads

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
What’s new? Easily identify which of your available backups are protected
in immutability-enabled repositories

Immutable
Backups
Visualizing immutable
RestorePoints in Kasten

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Extended Audit
Log backend

Enhanced
Azure Monitor
Container Insights
streams logs
Identify impact attacks on data

Ransomwar
protection

Provides extended visibility for

e Protection DevSecOps teams

Kasten extended audit backend


delivers additional granularity
around important events (e.g.,
attempted deletion)
Integrating Microsoft
Sentinel and Kasten NEW! Custom Sentinel rules
determine suspicious behavior,
such as RestorePoint tampering
Trigger & notify
via Sentinel Playbooks
(Teams, Slack, etc.)

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Azure
Ransomware
Protection
Demo

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Azure Kubernetes Service (AKS)
Cluster

Protecting app-1 Policy-based


app backup

Azure K8s Key/Secret

Against
Manager
kasten-io

Ransomware User
Entra ID + MFA
Immutable Azure
azure- admission-
AuthN/Z
Blob Container
monitoring controller
Immutable backups K8s audit
SIEM integration
and more Sentinel
SIEM/SOAR
Azure Container Storage
Azure Managed Disk
Azure Files

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Leverage existing spend
commitments in Microsoft Azure

Azure Consolidate subscription


management and payments
Marketplace Streamlined deployment to AKS,
ARO, and Arc clusters

Existing marketplace Supported Payment Models


support • Bring Your Own License (BYOL)
• Hybrid Term License –
In Development
• Private Offers

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
What is it?
• Provides multi-user authentication to Kasten Dashboard
for secure self-service
• Supports multiple backend IDPs
• User ID consistency simplifies RBAC enforcement

Dashboard What’s new? Better living through automation!


• Configure with a single Helm parameter – vs 5+ parameters
Auth via • Automatic service account & token creation – vs manual
• Automatic cert bundle creation – vs manual

OpenShift • GitOps-friendly secrets for advanced configurations – vs plaintext tokens

Simplified OAuth
configuration
OAuth
Request

OpenShift
Cluster

LDAP

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
GitOps-Ready Deployment
for Basic, OIDC, OpenShift OAuth, and LDAP authentication

values-old.yaml
auth: Why does it matter?
oidcAuth:
enabled: true
clientID: AKIAIOSFODNN7EXAMPLEID
clientSecret: bPxRfiCYEXAMPLESECRET • Secrets management

best practices critical to
K8s security
values-new.yaml • Standardizing cluster
auth:
oidcAuth:
deployment with
enabled: true production-ready
backup “out of the box”
clientSecretName: my-secure-secret

• More robust options for


apiVersion: v1 passing secrets by
reference than by value
kind: Secret
metadata:
name: my-secure-secret
namespace: kasten-io
type: Opaque
data:
client-id: AKIAIOSFODNN7EXAMPLEID
client-secret: bPxRfiCYEXAMPLESECRET

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Enterprise
Solutions Veeam Kasten V7.0
With Trusted Partners What’s New

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
What’s new?
• Step by step guide for configuring scalable lifecycle & data protection
guardrail management
• Leverages full value of OpenShift stack by using Advanced Cluster Manager to
automatically deploy and configure Kasten across large environments
Advanced • Example ACM integration with Kyverno to audit and enforce immutable backups
• Example secure configuration of Kasten auth and multicluster via External
Cluster Secrets Operator and Vault

Manager
Solution Guide Multicluster
Primary OpenShift
Cluster 1
Scalability via OpenShift HashiCorp
Vault
Platform Plus tools
OpenShift OpenShift
ACM Hub Cluster N

OpenShift
Cluster 2

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
What is it?
External Storage (S3, Blob, GCS, NFS)
• Native support for
protecting & restoring

Backup
container images my-app internal-registry
managed by
ImageStream ImageStreams using
OpenShift internal my-image
my-image@
sha256:fe42...

Protection registry my-image:1.0


my-image@

• Uses standard Kasten


sha256:a3db...
my-image:1.1

Location Profiles – no

Snapshot
dependency on my-build
Immutable container separate registry my-image:1.1

image backup • Restores exact


container builds to OpenShift Cluster
local registry in event
of cluster loss
Block and File Storage

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Consolidating VMs & Cloud Native
with Veeam Kasten

Operations
Lift and shift VMs to cloud native infrastructure
External Storage (S3, Blob, GCS, NFS)
and operations, simplifying hybrid cloud

Backup
Development app1 vm1 vm2
Refactor the app design or integrate with cloud
native microservices

Snapshot
Security & Performance
Stronger application isolation and kernel tuning
Data Protection
Kubernetes Cluster
Fully supported as a Kubernetes workload
by Kasten
Block and File Storage

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Direct API integration between Kasten and CephRBD volume manager for
blockmode exports & restores

Why does it matter?


• Reduces in-cluster attack surface for datamover operations

CephRBD
• Improves export and restore performance
• Exports allocated blocks only vs full export – useful for OpenShift
Virtualization backup!
Integration
app1

Read/write
blocks directly
OpenShift OpenShift Data Foundation
Enhancements Ceph Cluster
Create volume
snapshot via CSI
OpenShift

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
ROSA
OpenShift
Virtualization
Demo

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Additional Recovery Enhancements
New in 7.0

In-place Volume
K10DR VBR Instant Recovery
Cloning

Protects local Kasten Manage Instant


Restores timestamp-
configuration/catalog Recovery within Kasten
appended PVC “copies”
• Uses CSI snapshot & Dashboard
from backup migration token export to • Automatic migration of PVCs
• Non-disruptive to running improve performance to primary storage
workload • Adds Restore workflow via • On-going migration status
• Preserves namespace Dashboard UI
boundaries • Automatic clean up in VBR
• Protects additional Kasten console following migration
• Useful for extracting resources
individual files

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Get Started with
Veeam Kasten today
Free up to 5 Nodes
Fully Featured
https://www.veeam.com/products/cloud/kubernetes-
backup/free-kubernetes.html

*Subscription terms vary

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
ONLY IN FORT LAUDERDALE

Onsite VMCE
Testing

The future of
data protection
40+ Expert Led
Breakouts

starts here. All New LabWarz


Competition

Connection and
Register at veeamon.com (Legendary)
Celebration

© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
© 2024 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Follow us! Join the community hub:

© 2023 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.

You might also like