April 14, 2023
Fully Managed Portworx Backup Cluster Access
We love to use solutions that make our lives simpler. As a Platform Engineer, you have a lot of responsibilities and a lot of work to do to ensure your applications are always available and protected from a catastrophic failure. You need to use tools that either let you get more done in less time or reduce the complexity of day-to-day work tasks. But sometimes, the tool you choose to use can introduce more toil into your day, and you may find yourself spending more time managing the tools that were supposed to help you.
This is often why we gravitate toward software-as-a-service (SaaS) solutions. But SaaS offerings can also be challenging, especially if their purpose is to help manage your on-premises environments. If their purpose is to manage the sensitive infrastructure inside your corporate data center or cloud environments, you have to make security exceptions to allow them access into your data center. Fully managed Portworx Backup is designed to solve this problem.
Portworx Backup as a fully managed service takes a different approach to help alleviate these security concerns. It allows you to use a SaaS-based data protection product for your critical containerized applications—no matter where they live and without allowing access into your data center over a public network like the Internet. This allows customers who have Kubernetes clusters inside their corporate firewalls to use fully managed Portworx Backup to back up their Kubernetes persistent volumes and pod metadata to protect them against data corruption or failure.
Fully Managed Portworx Backup Communication
Fully managed Portworx Backup uses an agent-based approach: agents in your cluster reach back to the managed control plane for instructions. Inbound access from SaaS portals is considered a security problem by many companies, and getting permission to allow inbound access from the Internet is not something to take lightly. This agent-based architecture removes the need to expose the Kubernetes API to the Internet, and it does not require inbound access into the application clusters.
The steps from the above diagram are explained below:
- An Administrator installs the PX-Platform agent to the desired Kubernetes cluster.
- The PX-Platform agent configures a Teleport agent on the cluster.
- The Teleport agent uses a join token to connect to the Teleport Server on the SaaS control plane and sets up a reverse SSH tunnel connection.
- The Teleport Server creates a Kubernetes API Proxy, where SaaS control plane commands can be sent back over the SSH tunnel to the Kubernetes API server.
By using a reverse proxy for communication between the SaaS control plane and your Kubernetes API server, you can remove the need to have the Kubernetes API server exposed on a public network like the Internet.
Fully Managed Portworx Backup Installation
To install the fully managed Portworx Backup agents into your Kubernetes clusters, navigate to the Portworx Central portal. From Portworx Central, go to the Clusters page, which is where you’ll see any of your previously configured clusters. From the screenshot below, you can see that we haven’t added any clusters yet, but we can easily connect our Kubernetes clusters by clicking the Connect Cluster button from the UI.
When you connect a cluster to PX Central, a new tile will appear with a helm command used to install the Portworx Backup agents. There are two options for this helm command, depending on whether or not you're running OpenShift clusters. Choose the platform that matches your environment and copy the helm command displayed.
Note: Clusters running Portworx Backup service agents will also need to have Stork deployed to the cluster for storage scheduling activities. If you are running Portworx Enterprise, this prerequisite has been completed for you already. If you’re not running Portworx Enterprise, there is a command that can be copied below the helm commands to install Stork to your cluster. This is required to take backups.
Copy the helm command provided by fully managed Portworx Backup, set your Kubernetes context to the cluster you wish to add to Portworx Backup, and run the helm command.
Once the helm command completes, you can check to see if the pods are being created successfully by running this command:
kubectl get pods -n px-platform-system
Here you can see some of the agents being used to communicate with the Portworx Backup control plane. Notice the Teleport agent pods and the PX-platform pods that we mentioned previously in this article.
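One way to check the outbound-only design after the agents are installed, as an added example (not Portworx's own tooling): the script below scans the output of `kubectl get svc,ingress,pods -n px-platform-system -o json` for objects that would open an inbound path into the agent namespace. The sample data and every object name in it are constructed; only the namespace comes from this article.

```python
import json

NAMESPACE = "px-platform-system"  # namespace shown in the article

# Constructed sample shaped like
# `kubectl get svc,ingress,pods -n px-platform-system -o json`.
# Every object name below is invented for illustration.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Service", "metadata": {"name": "agent-metrics", "namespace": NAMESPACE},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Service", "metadata": {"name": "debug-nodeport", "namespace": NAMESPACE},
     "spec": {"type": "NodePort"}},
    {"kind": "Service", "metadata": {"name": "pinned-ip", "namespace": NAMESPACE},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"]}},
    {"kind": "Ingress", "metadata": {"name": "agent-ui", "namespace": NAMESPACE},
     "spec": {"rules": [{"host": "agent.example.test"}]}},
    {"kind": "Pod", "metadata": {"name": "tunnel-agent-0", "namespace": NAMESPACE},
     "spec": {"containers": [{"name": "agent", "ports": [{"containerPort": 3022}]}]}},
    {"kind": "Pod", "metadata": {"name": "helper-0", "namespace": NAMESPACE},
     "spec": {"containers": [{"name": "h", "ports": [{"containerPort": 80, "hostPort": 8080}]}]}},
]})


def inbound_exposures(kubectl_json, namespace=NAMESPACE):
    """Return (kind, name, reason) for each object that opens an inbound path."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        if meta.get("namespace") != namespace:
            continue
        kind, name = item.get("kind"), meta.get("name")
        if kind == "Service":
            svc_type = spec.get("type", "ClusterIP")
            if svc_type in ("NodePort", "LoadBalancer"):
                findings.append((kind, name, "type=" + svc_type))
            if spec.get("externalIPs"):
                findings.append((kind, name, "externalIPs set"))
        elif kind == "Ingress":
            findings.append((kind, name, "routes external traffic in"))
        elif kind == "Pod":
            if spec.get("hostNetwork"):
                findings.append((kind, name, "hostNetwork=true"))
            for c in spec.get("containers", []):
                for p in c.get("ports", []):
                    if "hostPort" in p:
                        findings.append((kind, name, "hostPort=%d" % p["hostPort"]))
    return findings


if __name__ == "__main__":
    for finding in inbound_exposures(SAMPLE):
        print(*finding, sep="\t")
```

An empty result on real cluster output is consistent with the agent-initiated tunnel described above; any finding is worth reviewing before the cluster is attached.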
Once the agents have been deployed, the cluster should show up in Portworx Central. Since you may have multiple Portworx Backup instances, you’ll need to click the link titled +Attach BaaS Instance.
When you attach the cluster from Portworx Central to a fully managed Portworx Backup instance, you’ll give your cluster a descriptive name and then select the backup instance that you have access to.
Once you’ve attached the cluster, it will show up in your list of Kubernetes clusters. You will then want to select your cluster and add any cloud credentials used with those clusters.
By clicking the warning message, you can assign the cloud account credentials to your cluster so you can start backing up your containerized applications and data.
Platform Engineers can use fully managed Portworx Backup to back up their container-based applications and persistent volumes—without exposing their clusters to the Internet. By leveraging the Portworx Backup agents, engineers can manage all of their Kubernetes clusters from a single cloud console—even if they are behind a corporate firewall—as long as there is outbound access to the fully managed Portworx Backup control plane. This makes fully managed Portworx Backup the fast, easy, and secure data protection solution for managing backups across a hybrid cloud environment or for performing migrations between environments.