Guest: Gaurav Rishi
Company: Kasten by Veeam
Show: Let’s Talk
Kubernetes is a young and an extremely dynamic ecosystem, which means it comes with a few breathing problems. With more and more customers looking to seamlessly deploy workloads into production, the need for simplicity is growing. That’s why companies like Kasten by Veeam have made it their mission to help enterprise companies deploy with confidence.
What’s New in Kasten K10 4.5?
To that end, Kasten by Veeam created Kasten K10, which has only recently announced its 4.5 release. According to Gaurav Rishi, VP of Product at Kasten by Veeam, Kasten K10 helps companies face data management problems head-on. Three of the most important use-cases the product deals with are Kubernetes backup and recovery, disaster recovery and application mobility (whether it’s Kubernetes applications between versions of Kubernetes, across clusters, or even hybrid environments).
With the newest release of Kasten K10, users will find a lot of new features. Back in the 4.0 release, protecting Kubernetes applications from ransomware became a critical issue. With the 4.5 release, the developers have made some ecosystem innovations to further increase ransomware protection support across Amazon S3 and a variety of object stores (be they on-prem or in the cloud).
The next area the new release focuses on is a much-improved out-of-the-box experience. Because there are so many moving parts to Kubernetes, it became very important to make sure Kasten K10 was easy to install and comes bundled with a good amount of usable tools. Kasten by Veeam wants to make sure customers and users can deploy workable dashboards quickly and easily.
The third new addition to Kasten K10 is support for edge computing. So now the tool works with on-prem, the cloud, and the edge.
A Flexible Platform
Platforms tend to be opinionated and they also have a tendency to lock users into themselves. Kasten believes that customers should have the freedom to choose the best tools for their jobs, as a result one of the most important features of Kasten K10 is extensibility.
“What’s unique about Kasten’s approach to solving the problem is that freedom of choice (from a customer’s perspective) is one of our core tenets for design philosophy. What that translates to is that we are not a storage vendor.” Rishi adds, “So we’re not forcing customers to use this version or this distribution of Kubernetes.”
At the same time, “we want to improve the out-of-the-box experience and we’ve gone ahead and taken these next-generation cloud-native tools like Prometheus and Grafana, and created dashboards so that you become productive just as soon as you install Kasten K10,” says Rishi.
He adds that the company understands that customers will have applications that require some level of customizations when it comes to backups. Rishi says, “Maybe you want to go ahead and define the order of operations by saying: don’t go and back up microservice two, or when you recover make sure microservice one is completely dehydrated before microservice two comes up. So those kinds of extensible options are where Kasten K10 allows complete freedom of choice.”
With regards to security, Rishi addresses the difference between Kubernetes data management and traditional IT security. He immediately talks about distributed applications, which are dynamically allocated to different physical nodes. Because of this, Rishi says, “The concept of parameter security or having just data center security-related approaches are completely different. You know you might not even have a virtual machine layer, it might be running bare metal in this context. So all of the solutions in the security context, which tried to solve it from that perspective, are different.” He also mentions how over-commissioning and privilege separation as being serious issues with modern deployments.
From a Kasten K10 perspective, they are already conscious of the surface area exposed, and they try to minimize it. As an example, Rishi says, “When we are going to get an installation in terms of let’s say an AWS environment, we can take an assumed role. We are integrated as an IAM. We don’t ask for username or password type credentials. And we have gone through a fairly onerous process to make sure that we ourselves have everything patched up. In addition to that, we have gone ahead and had ourselves scanned so that we don’t have any vulnerabilities.”
The edge is also now a crucial component of Kasten K10. From Veeam’s perspective, Rishi says one of the issues is knowing where the edge is. He says, “One person’s edge is another person’s data center is the way I joke about it internally.” So depending on the industry or use-case, the edge could be located in different places. One thing Kasten K10 has done since version 2.5 is aging out certificates. With the new version, they made sure that the feature works with K3.
Kasten, Veeam Integration
Kasten, while runs as an independent unit of Veeam, the two companies work closely and are working on tighter integration of their technologies. With Kasten K10 4.5, they have also announced integration into VBR Version 11A and higher. That allows customers to take Kasten K10 backups and send them to VBR.
Rishi finishes with, “Not only do we get to have VBR support a variety of different types of workloads, not just hypervisor but now Kubernetes application volume data, but we also get to leverage your investments in a lot of these popular backup targets that VBR has already been integrated into.”
The summary of the show is written by Jack Wallen
Here is the rough, unedited transcript of the show…
Swapnil Bhartiya: Hi, this is your host Swapnil Bhartiya, and Welcome to TFiR Newsroom. And today, we have with us once again Gaurav Rishi, VP of product at Kasten by Veeam. Gaurav it’s great to have you back on the show.
Gaurav Rishi: Swapnil, great to be back here, thank you very much.
Swapnil Bhartiya: Kasten has announced Kasten 10 4.O.5 Kubernetes data management platform. Before we talk about this specific release, I want to talk a bit about Kasten 10 and then talk about what specific problem are they trying to solve for the Kubernetes users with it.
Gaurav Rishi: Kubernetes is a young and growing ecosystem. So, it’s extremely dynamic. So, it comes with some breathing problems and customers definitely want to make sure simplicity to get your data workloads in production is something that is as seamless as possible. So you know Kasten by Veeam’s mission really is to go ahead and make sure that we are helping these enterprises confidently run their application on Kubernetes by facing these data management challenges head on. And, so specifically you know the three huge cases that we focus on and do really well is Kubernetes backup and recovery, we also support disaster recovery and application mobility, whether it’s Kubernetes applications between Kubernetes versions as you go ahead and back up and rehydrate application the versions could change or it could be a cross clusters or even hybrid environments. So those three huge cases looking back up, disaster recovery and application mobility in the context of Kubernetes is really what Kasten lives and breathes on.
Swapnil Bhartiya: Great. Now let’s talk about what’s new in 4.O.5 release.
Gaurav Rishi: Lots of lots of new things. And so you know I’m trying to sort of keep it simple in terms of atleast giving you the top three themes. You know before I jump into that and I just take a step back, I think Swapnil when we talked about last time and we were talking about Kasten 4.0. back in may. We talked a lot about the fact that Ransomware is a scourge and we had started getting a lot of customer requests, we read about this in the news all the time about Ransomware attacks across the organization. And, so Kasten became the first organization to be able to protect your Kubernetes applications and be able to recover from them. So so that was the centerpiece of our release in the 4.O timeframe. Not only have we gone ahead and done some ecosystem innovations to increase the Ransomware protection support across not just Amazon S3, but a variety of object stores that could be on premises whether it’s [Menai 00:02:48] or Cloudy and or Scality et cetera.
Number two, we’ve actually gone ahead and improved on out of the box experience. And this is hits on the point you are making which is there’s so many knobs to done and simplicity is at the forefront of everybody’s mind. So the way we have gone ahead and made sure that it’s not only an easy to install and bring up your Kasten K10 application, but it comes bundled with a lot of goodies in terms of being able to get a view of what the dashboard looks like. Get a quick view in terms of what are the application which are not protected what are the backups that might have failed and be able to drill down into it. So out of the box experience, but still allowing people to make an extensive BOSH so it can integrate into that cloud native workflows is theme number two.
And third actually as exciting is we are going ahead and see Kubernetes growth go into the edge. So we are seeing lightweight Kubernetes distributions like K3 come up. And we’ve also gone ahead and added support for not just supporting Kubernetes environments in the cloud and primary data centers but now deepening into the edge. So those are the K3 themes that maybe talk about the way we innovate but of course we can get into the details.
Swapnil Bhartiya: I want to go back to extensibility, platforms tend to be opinionated they can also lock users in. So talk a bit about how do you maintain the fine balance of creating a platform which makes things easier for users while also giving them freedom and flexibility without any risk of vendor lock-in.
Gaurav Rishi: Let me try and address it in two parts. The first part is what’s unique about Kasten’s approach to solving the problem and I think freedom of choice from a customer’s perspective is one of our core sort of tenets is a philosophy and design philosophy. So in some ways what that translates to is that we are not a storage vendor. So we don’t force people to go and say, you have to use this particular storage before you can do back up and recovery but not a Kubernetes distribution vendor so we’re not forcing customers to say, you must use this version of or this distribution of Kubernetes for you to be able to support it and treat you not even a database vendor. So we’re not forcing people to use that. So what we are in fact seeing is customers are exceedingly used and take their applications in hybrid environments [multi 00:05:22]Cloud on premises when different Clouds.
And so the way Kasten approaches which is philosophically very much in alignment with how deem approaches the solution for data protection is to allow you to have this wide ecosystem of choice to pick up your best storage solution, pick up your best Kubernetes distribution, pick up your best deployment model across these locations. So that’s part one.
Part two to your question about extensibility is why on one hand like I said, we want to improve the out of the box experience and we’ve gone ahead and taken these next generation Cloud Native tools like Prometheus and Grafana, and they’re kind of creating dashboards so that you become productive just as soon as you install Kasten K10.
We also realize that look, people will have applications that require some level of you know customization when it comes to backing it up because applications under the covers are microservices and multiple microservices in the Cloud Native world. And, so when you’re going ahead and backing it up, or when you’re recovering from it, maybe you wanted to go ahead and define the order of operations of saying don’t go and back up microservice to, or when you recovering make sure microservice one is completely rehydrate before microservice two comes up. So those kinds of extensible options is where Kasten K10 allows complete freedom of choice again to the customers are system integration partners by authoring blueprints independent of the Kasten K10 release. And this allows them to go ahead and move very fast which is the requirement in today’s world to be able to use some of the blueprints that we’ve already created, but then also be able to modify or create new ones for a variety of data services, regardless of which Cloud they’re running on or which on Polyverse location they are at. So hopefully that gives you at least of top level overview.
Swapnil Bhartiya: Let’s [clearly 00:07:17] talk about security. I look at security from two aspects. One is of course technology and second is people. We can easily solve or we can easily address the technology aspect of security, but what about people aspect? But I want to talk about security from Kubernetes data management perspective, how different is security in this space as compared to let’s say traditional security or traditional IT?
Gaurav Rishi: Mm-hmm (affirmative) No, have a very good question. You’re right. That’s a good lens to look at a [Tanzu 00:07:48] in terms of what the operations on the human aspects and you know, social engineering is usually one of them where’s people exploit security issues. And of course the technology landscape has changed too. So so both actually are different in the context of Kubernetes is supposed to pull the broad point I’ll make and the reason they’re different is first of all, on the technology aspect of it. You know you are now looking at an environment where application, like I said, it’s supposed to fall a lot more distributed. It’s lots of different data services under the covers. You know, polyglot persistence is the you know, technical term we use to indicate that a single application under the covers might be using multiple databases to solve the job. It could get time series database, it could be a managed data service like an Amazon RDS, and it could be Cassandra or even operator base databases like, Cassandra from DataStax which has been Open-Source.
So, first of all, you have distributed application, which is always getting dynamically we allocated to different physical nodes and so the concept of parameter security or having just a data center security related approaches are completely different. You know you might not even have a virtual machine layer it might be running their metal in this context. So all of the solutions in the security context, which tried to solve it from that perspective are different.
And third from a technology perspective, a lot of the development if I kind of rewind and start from there might be using a lot of capabilities whether it’s Open-Source libraries or modules from a variety of different vendors to build up these microservices. So the way you need bill now, dynamically to keep scanning for critical vulnerabilities et cetera, is very different in this environment than it used to be when you were creating you know traditional maybe three tier or monolithic applications. So, that’s spot one on the part related to the operations on the human aspect of it. You know you’re exactly right. I think over commissioning during both the installation process, as well as on the operation side of it and not having this as you know privileged separation is one of the issues that we see.
And so from Kasten K10 perspective, the way we solve that problem is first of all, we [assassinate 00:10:12] in itself are ready conscious of the surface area that we exposed. And we minimize it obviously. So as an example, when we are going to get an installing in terms of let’s say an AWS environment, we can take an assumed role. We are integrated as an I am. We don’t ask for you know username password type credentials. And we ourselves have gone through a fairly onerousness process both in like an AWS environment or we also then had OpenShift operator certified for example, to make sure that we ourselves have patched up and in addition to that have gone ahead and had ourselves scanned so that we don’t have any vulnerabilities.
And then from an operator perspective, we are well integrated into the Kubernetes, our RackN system. So that when a particular operations team member looks at the Kasten K10 consoler uses an API access to try and do an operation, they are actually getting authorized and authenticated to make sure that they can actually do that particular action and they get a view of only their applications, not somebody else’s application even though they might be on the same Kubernetes cluster. So, so just by going ahead and having that deep integration and surfacing it sort of seamlessly helps a wide some of the human errors also. So I I know it’s a more important topic, but I think those are the two key aspects. In addition to, of course, us being the last line of difference when it comes to things like Ransomware recovery, that truly makes us different and helps customers.
Swapnil Bhartiya: Let’s also talk about edge well first of all you know, everybody defines edge in their own way. When, I talk about edge I’m looking at the edge data centers those far devices which are resource constrained. So, let’s talk about what kind of adoption of edge are you seeing as there are already many lightweight Kubernetes distribution, like 0 case by Mirantis and K3S by Rancher and [SUSE 00:12:08] . And also what role is Kasten by Veeam playing in this space?
Gaurav Rishi: Now. So I think those are good points. So first of all, to your point around edge being an overloaded term 100% agree with you. I think one person’s edge is another person’s data center is the way I joke about it internally. And I think from our perspective having support for a variety of these options because depending on the industry you’re talking about to answer your question about where is edge in terms of production usage and adoption. It it depends based on some of the industries on the use cases. So we are already for example, saying a lot of the telcos talk about you know going deeper into the network you hear a lot in the press about 5g, et cetera, and all of those fall into the definition of edge.
The same time you also talk about devices becoming more intelligent and you kind of get into these IOT type use cases and that’s really interesting. I think when you think about it at a level where a lot of the hyperscalers are going further downstream and taking the Kubernetes distribution where it’s not just available on the Cloud but actually on Prometheus and Tanzu could mean secondary and even unmanned data centers it is another definition of the edge. And I think the point I’ll make is across all these three points are examples of this. We are definitely seen production huge cases. In fact, you know even even air gap, examples of this, where there might be floating ships than the ocean, and they don’t always have connectivity available but are running Kubernetes they are examples that we actually you know get to see.
And do your question about how do we think about you know the key requirements in this particular context and especially when you have variations in terms of the environments that you need to not communicate with limited bandwidth, limited compute power and also at the same time distributed environments where you have some processing going on in the data center and some on Cloud and some in the edge in all of these cases the key requirements that first of all, we recognize and then tackle is that you need to be able to transform your application dynamically. We kind of expect people to change that application but for example, something that is running on a high performance compute node with the high performance flash storage in the storage in the data center needs to first limited functionality be able to run at an edge location. So what that requires is us to go ahead and transform those storage class.
For example, or you know take care of some of the security parameters by aging out some of the certificates. And that’s something that Kasten K10 actually has been doing since version 2.5 with the transformation capabilities. But we’ve gone ahead and taken that and made sure that it’s also works with K3 is like you pointed out you also actually announced that you are launched partners for Amazon’s EKS anywhere which allows you to sort of go ahead and have EKS running on-prem. And this allows for a level of dynamism where we are seeing applications move to the edge, and at times parts of the application move through the data center or cloud to go ahead and complete the in a business problem of being able to process data. So so that’s how we actually go ahead and attack and identify this particular issue.
Swapnil Bhartiya: This is a question that I’ve been wanting to ask for a very long time. Kasten is not kind of part of Veeam. What kind of integration is there between technologies of these two companies?
Gaurav Rishi: Yeah, No thanks, Swapnil. that’s a good question. So, two parts of it I think organizationally Kasten is a independent business unit definitely a part of Veeam. And, that’s why we call ourselves Kasten by Veeam and you sort of introduced us that way. But we work extremely closely cross-functionally across sales, marketing, and definitely engineering to solve the key customer problems like, you pointed out as a as a wider company. So, one part which I would like to highlight as part of a Kasten K10 4.5 announcement is you know our integrations into VBR Version 11A and higher and in that particular context what it allows us and our customers to do is take Kasten K10 and in addition to having object storage or NFS as a target repository for the secure backups we were talking about a moment earlier.
We can also now go ahead and have that sent to VBR. And the benefits of that is a lot of customers obviously have made an investment in VBR and workflows around it whether it’s because of the tiered storage that HP Apollo or Cisco 30 to 60 or Dell EMC data domains. So, not only do we get to have VBR support a variety of different types of workloads not just hypervisor but now Kubernetes application volume data, but we also get to leverage your investments in a lot of these popular backup targets that VBR as already been integrated into. So I think that’s another one which you were quite excited about.
Swapnil Bhartiya: Great. Thank you so much for joining me today. And I look forward to talk to you again soon. Thank you.
Gaurav Rishi: Always a pleasure Swapnil so thank you so much. And look forward to the next time.