Legacy Data Protection Solutions Can’t Keep Up in Kubernetes
8 Reasons Traditional Backup is the Wrong Choice for Cloud
Perhaps the most important decision you’ll have to make when selecting a data protection solution for your Kubernetes environment is whether to go with a cloud-native platform or to try to use a legacy platform in the cloud. One thing to keep in mind while making this decision is that cloud-native environments like Kubernetes have a very different architecture from on-premises environments, and so they require a very different kind of backup.
Even well-known legacy backup providers can’t keep up in Kubernetes, because they’re not geared toward protecting Kubernetes workloads. Legacy solutions were designed for monolithic, fairly static applications and generally capture only the data volumes (and no metadata), have strong operating system dependence, etc. Compare that to Kubernetes applications. Kubernetes applications are microservices-based, not monolithic, and dynamic rather than static. Not just that, but they need more than just the data volumes. You need to capture the metadata as well.
As a cloud- and Kubernetes-native backup solution, TrilioVault is able to provide a broad suite of features specifically designed to make backup faster, easier and less resource-intensive in the cloud — features that legacy solutions just don’t have. When you’re making a decision about data protection for Kubernetes, make sure you’re choosing one that is cloud-native, application-centric, agentless, multi-tenant and more.
To try to address these problems, some legacy vendors base their solutions on Velero, while others have cobbled together a solution based on their existing VM offering (see below).
1. Cloud-native and native integration with Kubernetes
TrilioVault for Kubernetes (TVK) is cloud-native — built specifically for the cloud and designed for optimal performance in the cloud and containerized environments. In contrast, legacy enterprise data protection solutions weren’t built for the cloud. Legacy backup solutions that try to support Kubernetes workloads make managing Kubernetes more difficult. In fact, some legacy backup solutions even require an intermediate host (VM or bare-metal) to protect Kubernetes. You can’t have a fully modernized environment if you need to have infrastructure components that rely on legacy technological concepts. Instead, you end up with a legacy solution that generates management overhead and requires additional infrastructure, increasing TCO.
One of the benefits of a cloud-native platform like TVK is that it dynamically scales with the Kubernetes (K8s) application. A legacy tool is much more manual and cumbersome to scale up as the environment grows, because it is not a cloud- or a K8s-native solution. Being microservices-oriented, K8s-native solutions are able to dynamically scale up or down to meet organizational demands. Once you have dynamic K8s-native workloads, you need a data protection solution with the flexibility to scale up and down with them, which legacy tools cannot provide. Otherwise, you could easily over-provision and waste resources or under-provision and waste person-hours in maintenance and alignment.
TrilioVault for Kubernetes is a Kubernetes-native tool that runs alongside other container-based applications in an environment. It also integrates natively with OpenShift, IBM CloudPaks and Rancher (to name a few distributions). It’s packaged as an operator and deployed as a Custom Resource Definition (CRD), allowing you to manage TrilioVault entirely via kubectl commands.
Legacy backup solutions use legacy methods to qualify newer versions of Kubernetes every time they are released, which means that it takes them longer to support new updates. This is unfortunate, since part of the guiding philosophy of Kubernetes and microservices is faster application development and delivery. As a Kubernetes-native application, TVK releases newer versions of its own software very quickly and performs faster qualification when new versions of K8s are released. TVK supports new versions faster, keeping up with K8s’ releases (while legacy backup solutions get left behind).
2. Application-centric discovery and backup
TrilioVault for Kubernetes provides application-centric backup. TrilioVault backup features let you back up and restore all data, metadata and Kubernetes objects associated with the application. This allows you to set backup SLAs for each Kubernetes application and protect it throughout the lifecycle of that application.
Unfortunately, for those trying to get legacy backup solutions to work in these environments, they can only handle backup by namespace and labels. Namespace-level backup is good for data recovery, but it doesn’t allow for much granularity. In other words, you end up backing up more than you want to — making it less useful for application mobility and migration. Labels come with a different problem — make one typo in a label and something you want backed up simply isn’t.
In contrast, TrilioVault provides insight into (and discovery of) applications across multiple views, which enables you to back up based on namespace, label, Helm and Operators. With the most popular application manager for Kubernetes — Helm — you can select what to back up by directly specifying the name of the release. Helm can also upgrade and roll back your application while maintaining packaging consistency (even after a TrilioVault for Kubernetes restore operation). Trilio provides something similar for Operator-based applications — a way to not only back up the application resources, but also the operator resources, so that, even after a restore operation, your application stays an Operator-based application.
3. Agentless backup
TrilioVault for Kubernetes is an agentless backup solution. Unlike agent-based backup solutions that rely on software running on the production machine alongside the application, it performs centralized, network-wide, agent-free backup via APIs. Agentless backup simplifies management and maintenance for data protection, provides non-disruptive services to tenants, speeds up backup and restore operations with a tighter RPO and is, overall, more cloud-friendly.
In contrast, legacy backup solutions are agent-based. This design taxes the system, increasing resource consumption, creating an administrative burden and increasing security and administrative risk. On top of this, legacy solutions need a virtual machine or host with an agent running on it outside the K8s cluster. This not only increases the cybersecurity attack surface, it also makes the overall solution platform- and operating-system-dependent, which goes against the overall philosophy of Kubernetes.
As a truly agentless solution, TrilioVault doesn’t compromise the security of applications by inserting burdensome agents or sidecars into pods.
Kubernetes is multi-tenant with activities based on roles and permissions. As a Kubernetes-native application, TrilioVault for Kubernetes leverages those multi-tenancy features to enable role-based activity against operations such as backup, restore, repo, support and others. These permissions can be set up directly within the K8s cluster instead of configuring via separate tools.
As a result, tenants can easily back up their own applications without help from an administrator. This drives enormous benefits for flexibility and efficiency, giving tenants self-service capabilities and ultimately driving down OpEx costs.
Since they aren’t Kubernetes-native, legacy solutions don’t align with the Kubernetes multi-tenant architecture and, consequently, create much more difficulty and burden on centralized resources to operate and manage.
TrilioVault supports application-consistent backups via hooks. Needless to say, this is a feature that is going to see a lot of use, so you’ll want it to be easy to use. TrilioVault provides you with intuitive and easy-to-use hooks created specifically for container environments. Hooks are built and managed as Kubernetes objects, making the overall application consistency workflow intuitive and simple!
Legacy backup solutions don’t provide hooks specifically adapted to containerized environments — let alone specifically for Kubernetes environments. Instead, using hooks becomes a complicated, multi-step process. For instance, a user might need to store the scripts to execute in a particular folder with a very specific naming convention, which is a long and involved process that requires that you go outside the main solution console and perform additional manual steps.
6. Top restore features
As is no doubt becoming clear, the right features can make or break a tool. Trilio provides a well-tested suite of granular restore features, including transforms, skips and excluding resources.
While legacy backup solutions frequently allow you to restore volumes, manifests or entire applications, TrilioVault for Kubernetes takes it a step further — also allowing you to transform manifest files before the application is restored. TVK also provides flags for handling cluster-scoped resources, which helps keep the restored application from affecting other applications using the same resources in the same cluster — a utility that legacy backup solutions do not provide.
TrilioVault provides out-of-the-box integration with Prometheus and Grafana, the standard observability tools for the Kubernetes environment. With TrilioVault for Kubernetes, you can keep using the tools that you’re familiar with and don’t need to worry about increasing management complexity with yet another new thing to learn. Legacy backup solutions don’t integrate natively with the standard toolset for Kubernetes.
8. Open and mobile
TrilioVault for Kubernetes’ backups use open Linux-based formats. This may not sound very exciting, but it makes a huge difference. Open backup schemas help you create additional workflows (AI/ML or GDPR use cases) from the backup data independent of Trilio.
It also avoids vendor lock-in. If you start working with TrilioVault for Kubernetes, you’re not stuck with us. Any data we back up can go anywhere else. With legacy backup solutions, once you start backing up with a legacy solution you’re locked in and your data isn’t going anywhere.