1. Kubernetes data protection represents a massive opportunity
Around 30% of global organizations are currently running containerised applications in production – by 2022, Gartner predicts that figure will be as high as 75%.
Microsoft has invested heavily in Azure Kubernetes Services to ensure that managing and deploying containerised apps is easy, scalable, extensible and portable. AKS also eliminates the burden of ongoing operations and maintenance by provisioning, upgrading, and scaling resources on demand, without taking applications offline.
However, there are still specific challenges that need addressing.
Organisations utilising AKS need backup to recover fully stateful applications in the event of:
- Accidental deletion
- Upgrade errors
- Inability of existing traditional tools to protect container environments
Service providers that add application-centric data protection to their Kubernetes environment offering will be in a better position to meet customer expectations and more able to help them capitalise on the benefits offered by cloud-native technologies.
If the AKS backups are stored within Azure, Microsoft partners offering the service can benefit from an additional source of revenue, driving commercial benefit in the form of cloud consumption and rebates.
2. A solution aimed at mainstream admins will be more popular and cost-effective
Until recently, Kubernetes has been utilised largely by the highly technical, early adopter community including devops. Power users such as these do not typically buy through the channel.
However, a growing number of second-generation adopters of cloud infrastructure, with mixed IT estates, less technical IT admins and a cloud-first policy for new apps now require Kubernetes backup. These organisations typically seek the assistance of a channel partner to help them modernise applications and solve cost and operational problems with existing cloud deployments.
To do that, service providers need a user-friendly solution, aimed at mainstream cloud admins and not just highly technical Kubernetes experts.
For example, any solution that requires scripting is not ideal as it immediately lends itself to being complex and prone to user error.
Kubernetes backup, specifically designed for the needs of the majority, should require less technical expertise to deploy and update and minimal ongoing management.
What is needed is a solution that will set up backup schedules and select all data for protection automatically, but that allows you to edit schedules manually, if required.
3. Look for a partner-friendly solution with low management overhead
As a service provider managing multiple client estates, it is vital to choose a multi-tenanted solution.
The capability to protect a customer in minutes and start restoring in seconds will keep management overheads very low.
Also important is the need to be able to enjoy high margins. Look for a channel focused vendor with a simple and aggressive pricing model.
4. Dealing with one Microsoft-aligned vendor will be less challenging and probably more cost-effective
A solution that is purpose-built for Microsoft cloud partners may enable you to protect Kubernetes, Azure machines and M365 workloads from one application.
When checking audit logs that display user actions, such as manual backups and restores, it would be hugely beneficial to be able to view and manage the protection of any data hosted within any Microsoft cloud service.
However, if your solution is not Microsoft aligned, juggling multiple solutions will be necessary. This is not ideal because different systems have different interfaces, different methods of protection, different security and authentication methods and all solutions will require training of varying levels, depending on solution management complexity.
Working with a vendor who is an IP Co-Sell Partner can increase the engagement level with your local Microsoft subsidiary.
If the terminology is aligned with Azure and interfaces display official Azure icons, there will be a large degree of familiarity and enhanced usability.
Whilst Microsoft has invested heavily to ensure that Azure and AKS is as simple to manage as possible, the Azure environment is very feature rich and therefore remains somewhat complex – both in user interface as well as in functionality. A Microsoft-aligned solution should have the capability to ensure that all customer data is effectively and safely protected within all the correct places from within the Azure environment with as much complexity as possible hidden from the user.
Automated schedules and intelligent functionality, ensuring that minimal clicks and no scripting is required, can simplify complex workflows to make the backup, restore and visibility experience as seamless as possible.
5. Consider carefully whether you really want the ability to perform selective backups
Being able to back up app only or app plus data, an entire namespace or a single pod, may actually end up being a disadvantage in the long run.
This is because apps are evolving over time. Different teams might deploy into the same cluster, so if you start micromanaging backups today, how sure are you that your backups will not miss an important component tomorrow?
You may end up with an application missing components that are actually required for a website to run, or be without an application that performs a key feature.
The impact may not be restricted to data loss, the result could be lost customers who are no longer able to use the application because it is not functioning as it should.
Backing up entire clusters with all their configurations is a much better option. If the policies and schedules are protected by default, it also means that backups and recoveries are kept simple and require minimal intervention from the user.
6. Use backup targets to drive further commercial benefits
A solution that uses the customer’s or service provider’s existing Azure infrastructure may also be a big bonus as this could drive commercial benefits in the form of discounts or rebates.
A service provider, though, should have a choice in how they would like to replicate to other regions. There should also be the ability to offload to other destinations. For example if a solution is using Velero – a convenient, open-source backup tool for Kubernetes clusters – there are a number of possible backup storage locations.
Backups could also be stored at an Azure storage account level, in which case a region would need to be specified.
7. Avoid circumventing Microsoft security
Ensuring a service is easy to set up, shouldn’t require compromising on security.
For example, if an AKS backup solution utilises Velero, a well developed open-source technology, it remains simple to ensure that only authorised IT staff are able to manage and access backups within AKS.
Automation should eradicate the need to set up security manually within Azure. Another benefit of an automated solution is that security can be set up to assign the required permissions only on a cluster-by-cluster basis and this minimises damage in the event of a cluster being compromised.
8. Avoid over-complicating backup for AKS
It’s clear that you cannot just back up a VM/server in Kubernetes, a service needs to be tailored specifically for Kubernetes.
Tooling for schedules, jobs, retention, audit and search may all seem important, but when it comes to protecting Kubernetes, the over-riding imperative is that any service you choose remains super simple for whoever is managing it.
It is totally counter-productive to overwhelm users with more options and features than they really need.
A service should set up schedules automatically. For example, as soon as a user adds a cluster to protect, it should also have a backup schedule, so that it backs up automatically. Ideally all you need is an indication that a backup is in progress and a notification that it has been completed.
9. Keep restore capabilities to and from clusters as simple as possible
Speed will be of paramount importance in the event of an issue e.g. ransomware, accidental or malicious deletion, misconfiguration, upgrade errors. Having the capability to inject data quickly and easily back into an existing cluster will therefore be crucial. Granularity can sometimes be beneficial, but almost always adds complexity, the potential for misconfiguration and an increased risk of errors.
For instance, it should be possible to restore a cluster in a few clicks. All the user really requires then is the capability to view progress and to receive a notification when the activity is complete.
10. Ensure you can easily roll out protection at scale
For a solution to provide a good source of revenue and protect a broad customer base, MSPs and IT service providers need to be able to set up and auto-scale protection for multiple customers quickly and easily.
Kubernetes clusters autoscale by default to handle demand – and ideally your backup solution should do the same whilst providing visibility of the growth of resources over time.
This is vital to inform your decision-making as an MSP and how you advise your customers.