Backup vendors seem to believe 2021 is the year of containers, as many of them have launched or expanded Kubernetes backup capabilities.
For more and more customers, Kubernetes applications have moved from concept to production. Enterprise Strategy Group (ESG), a division of TechTarget, conducted a survey among enterprise IT decision-makers in the middle of 2020 that found 52% of respondents were using containers. Of those, 67% said they already had applications running in production, with the remaining 33% saying they would enter production within a year.
Meanwhile, Kaseya recently published its annual IT Operations Report that surveyed customers ranging from fewer than 50 employees to more than 3,000. In this study, 24% of respondents reported their IT budget for containerization technology increased in 2021.
Furthermore, 21% of respondents said containerization technology is something they will invest in during 2022, placing it in the top five, behind email security, IT automation, ransomware protection and AI and machine learning.
Vendors are recognizing that customers are ready to transition their Kubernetes applications from concept to production, and this translates to increased demand for Kubernetes backup, said Christophe Bertrand, an ESG senior analyst. No one should be surprised, as this is a trend vendors had been preparing for, evidenced by Pure Storage buying Portworx in September and Veeam buying Kasten in October, he added.
"The window of opportunity for vendors getting into Kubernetes backup is now," Bertrand said. Throughout 2021, data protection vendors have made major investments into Kubernetes backup as they aim to ride this wave. Here are the highlights of the year so far:
NetApp's Project Astra comes to fruition
First introduced as Project Astra in April 2020, NetApp Astra officially launched in March and is essentially a Kubernetes-focused version of the vendor's OnTap data management software. Its primary purpose is as a container management tool.
NetApp made it a point to build Kubernetes backup features into Astra before its official launch. This included a snapshotting capability to allow customers to revert their Kubernetes clusters to an earlier point in time, the ability to take full backups at the application level and the means to clone and move applications and their data between clusters.
NetApp claimed Kubernetes backup is necessary for applications running in production, so it didn't make sense to launch Astra without it.
Catalogic goes all-in on CloudCasa
In May, Catalogic Software sold its flagship ECX copy data management software to IBM. Catalogic poured the proceeds from the divestiture into its CloudCasa SaaS Kubernetes backup product.
ECX creates in-place replicas of production data, and these virtual copies could serve backup, test/dev and analytics use cases. CloudCasa provides Kubernetes backup via container storage interface (CSI) snapshots.
Making CloudCasa its new flagship represented Catalogic's shift from selling a software product bound to hardware from its partners to selling services on the cloud. Catalogic is banking on finding greater success with the latter model, as it expects demand for Kubernetes backup to rise.
Catalogic continues to develop CloudCasa further. In June, it added support for Amazon Elastic Block Storage snapshots, Azure support and the ability to take full backups of persistent volumes. In the future, Catalogic intends to develop security features such as multifactor authentication and access logging for the platform.
Veritas redesigns how NetBackup handles Kubernetes backup
In June, Veritas pushed out an anti-ransomware-focused update for NetBackup that included an improvement to how its software handled Kubernetes backup. Previously, NetBackup's Kubernetes protection was deployed as a sidecar container, but in the June update, NetBackup could be directly integrated into a Kubernetes environment as a controller with an operator.
This change represented not only the vendor's better understanding of how to make its technology work for Kubernetes, but recognition that Kubernetes workloads will eventually need protection against ransomware.
No production without protection
Throughout this year, other vendors have been releasing Kubernetes backup products or improving their existing ones:
- Zerto for Kubernetes, which was introduced in June 2020 and went into beta in November, launched this April.
- Portworx's PX-Backup version 2.0 added role-based access control, enabling backup admins to set permissions for developers and let them self-service backup and recovery for the applications they're in charge of.
- TrilioVault for Kubernetes added Velero integration in v2.1, displaying Velero's backup jobs in TrilioVault's interface so users wouldn't have to scroll through Velero's native command-line interface.
- DH2i introduced DxEnterprise for Containers, a product that allows Microsoft SQL Server availability groups to work in Kubernetes.
The market is at this point because customers typically think about how to bring workloads to production first and then solve the problem of protecting them later, said Krista Macomber, senior analyst at Evaluator Group.
Krista MacomberSenior analyst, Evaluator Group
This leads to roadblocks, such as in the case of SQL Server availability groups, where containerizing a workload is possible, but using the same data protection methods as before doesn't work. Since workloads can't enter production and start generating critical data without a means of safeguarding that data, those customers are stuck, Macomber said.
"Customers wanted to get to production first, and protecting it is an afterthought," Macomber said.
Aside from solving for customers' various workloads, vendors are facing the challenge of making sure their Kubernetes backup products can support the various Kubernetes distributions on the market, said Dave Raffo, an analyst at Evaluator Group.
Red Hat OpenShift appears to be the main container platform of choice, but customers in the cloud are going with their cloud providers' products such as AWS' Elastic Kubernetes Service and Azure Kubernetes Service, according to Raffo.
The market is still maturing, so vendors are trying to figure out where customers will end up, Macomber added. The customer "holy grail" would be a product that protects all containers and virtualized environments.
There is still an ongoing issue within organizations of determining how best to handle Kubernetes backup internally, Macomber said. Developers working closely with the applications have the greatest understanding of what needs to be protected, so they want to be able to self-service backup and restore jobs without going through IT. Meanwhile, IT needs to know what's going on in containerized environments because they are ultimately responsible for any critical data loss the organization suffers.
"You don't want to bog developers down with data protection, but at the same time, you need to protect that data," Macomber said.
Role-based access to Kubernetes backup products, such as what Portworx rolled out this year for PX-Backup, is one of the ways vendors are trying to help customers overcome this issue.
Finally, there's the issue of securing containers against ransomware and other outside threats. Since customers are still working out the best internal processes for protecting their containerized environments, it leaves opportunities for someone to "drop the ball" when it comes to ransomware defense, Macomber said. Unlike with traditional backup, which has seen vendors such as Acronis and Arcserve combine security features with backup and restore, security is rarely mentioned alongside Kubernetes, she added.
There aren't enough container environments running in production now to make them a target for cybercriminals, but this will very likely change as customers use them more, Raffo said.
"Security's not an issue until Kubernetes reaches production, but it's still early days," Raffo said.
Kasten, a vendor that specializes in container backup and is owned by Veeam, recently started incorporating anti-ransomware in its market messaging, Macomber said. Similarly, Catalogic is developing security features for its CloudCasa platform. Thus, there's at least some indication that vendors are aware of the upcoming threat, Macomber said.