Introducing Portworx Enterprise 3.6 and Backup 2.11

We’re excited to announce the general availability of Portworx Enterprise 3.6.0 and Portworx Backup 2.11.0, the latest releases in the industry’s leading Kubernetes data management platform. As new workloads including VMs and AI/ML move to Kubernetes, enterprises must secure data while complying with sovereignty and locality regulations across on-prem, hybrid, and multi-cloud environments. Portworx Enterprise (PX-E) 3.6.0 and Portworx Backup (PX-B) enable customers to meet these critical requirements through a variety of new features.

Storage Abstraction
Most cloud-native platforms use a shared-nothing storage model, which works well for stateless microservices but clashes with enterprise requirements. Enterprises already use shared SAN arrays with built-in data reduction, HA, and other features. Layering a shared-nothing architecture on a shared array causes inefficiencies like 2-3x storage overhead and 3-5x network I/O amplification.

Kube Datastore Dynamic Pools
Kube Datastore (KDS), first announced in November 2025, resolves this mismatch. KDS is a VM data architecture that aligns Kubernetes storage with the shared backend, allowing you to reuse the array’s built-in capabilities directly from Kubernetes. A Kube Datastore is a logical grouping of Portworx storage pools carved from a homogeneous shared storage backend.

Portworx Enterprise 3.6.0 introduces Kube Datastore Dynamic Pools. This feature allows storage pools with repl1 volumes to be attached to any node without needing a storage-less node or a Portworx restart. KDS Dynamic Pools help enable:

• Zero-downtime upgrades and maintenance
• Fine-grained, dynamic control of pool movement across nodes
• Improved resiliency and HA

Kube Datastore

Advancing Defense-in-Depth for Kubernetes
Portworx Enterprise 3.6.0 delivers enhancements that strengthen protection from the hardware layer through to cloud infrastructure and improve secrets management. This release advances our defense-in-depth strategy, helping organizations reduce risk while confidently running mission-critical workloads on Kubernetes.

Secure Boot Support
Portworx Enterprise 3.6.0 supports UEFI Secure Boot, ensuring the platform runs only on servers that load cryptographically verified software at startup. This establishes a hardware-rooted chain of trust beneath Kubernetes, protecting against low-level system tampering and strengthening the secure foundation required for mission-critical workloads, especially in regulated environments.

Vault Integration for FlashArray and FlashBlade Credentials
PX-E 3.6.0 enables customers to store FlashArray and FlashBlade API credentials securely in HashiCorp Vault instead of Kubernetes Secrets. Credentials can be updated dynamically without requiring a Portworx restart, reducing operational risk while improving security posture and aligning with enterprise-grade secrets management best practices.

Support for Multiple Secrets Providers
Portworx now supports multiple secrets providers within the same deployment. Organizations can use Kubernetes Secrets for volume encryption while leveraging Vault for infrastructure credentials such as vCenter authentication. This flexibility allows enterprises to meet complex internal security policies without architectural compromise.

Protection Against Unauthorized Azure Cloud Drive Deletion
To enhance cloud resilience, Portworx 3.6.0 adds safeguards that prevent Azure cloud drives from being deleted by external entities. This protection reduces the risk of accidental or malicious infrastructure changes impacting persistent storage, strengthening data durability and business continuity in cloud environments.

Telemetry and Observability Enhancements
Portworx Enterprise 3.6.0 delivers improvements across logging security, monitoring visibility, and diagnostics collection. These enhancements are designed to reduce risk, accelerate troubleshooting, and give platform leaders greater confidence in the health, security, and supportability of their Kubernetes environments.

Logging and Phonehome Security Hardening strengthens protection of sensitive information by automatically redacting credentials – such as API keys, passwords, and certificates – before diagnostic bundles or telemetry data are shared. Enabled by default, this reduces the risk of accidental exposure while maintaining seamless support engagement, reinforcing a secure-by-design posture without adding operational complexity.

Enhanced Grafana Observability delivers clearer, more accurate dashboards with improved filtering, updated metrics, and better panel organization. By enhancing visibility into volume-to-PVC relationships, namespace usage, and cluster-wide performance, the update helps teams identify issues faster, reduce troubleshooting time, and rely on more trustworthy operational data.

Cluster Diags Collection Improvements streamline how Kubernetes diagnostics are gathered by consolidating critical objects into a single, resilient bundle. With clearer status reporting and improved failure handling, this update accelerates root cause analysis and ensures support teams receive the data they need – reducing downtime and improving time to resolution for business-critical workloads.

Performance and Operational Efficiency Enhancements

ReadAhead [Early Access] enhances StoreV2 performance by improving sequential read throughput for workloads processing large volumes of data in order. By intelligently prefetching data, ReadAhead reduces latency and increases read IOPS, delivering stronger performance for analytics, backup, and streaming use cases. Designed for environments with dominant sequential read patterns, this capability helps organizations extract greater performance efficiency from their storage infrastructure.

Rate Limit Replica-Add Traffic allows administrators to define minimum and maximum data transfer rates for replica creation and resync operations. Portworx dynamically adjusts replication traffic based on live application I/O: using more bandwidth during low demand to finish faster, and scaling back during peak workloads. This ensures replication activity does not impact business-critical applications, maintaining predictable performance and operational resilience.

Platform Expansion and Improved Installation Experience

Garden Linux and Gardener Support [Early Access] enables Portworx Enterprise to be deployed on Garden Linux and Gardener-managed Kubernetes clusters. This allows organizations standardizing on Gardener-based environments to run stateful, production-grade workloads with Portworx in their preferred operating system and Kubernetes platform.

Build, Packaging, and Install Improvements streamline Portworx Enterprise deployment and upgrade experiences, making installations faster, more predictable, and easier to manage, including air-gapped deployments. This update significantly reduces image and package sizes, lowering storage and bandwidth requirements and accelerating install/upgrade times. By simplifying installation and removing legacy dependencies, the release improves reliability and operational consistency, leading to reduced operational overhead and smoother upgrades.

Portworx Backup 2.11.0: Faster Recovery and Greater Control for Kubernetes Backups

VM File Level Backup and Restore
Recovering a single file from a virtual machine backup has traditionally required restoring the entire VM and its associated volumes—a process that can be time-consuming and disruptive. With single file restore, administrators can recover individual files or directories from a backup without restoring the full VM.

It’s now easier than ever to recover accidentally deleted files, retrieve logs for troubleshooting, or restore configuration files without impacting running workloads. Targeted recovery enables organizations to resolve issues faster while avoiding unnecessary downtime.

Resilient Kubernetes Resource Backups
As environments grow, backup systems must handle increasingly large volumes of Kubernetes metadata. Instead of storing all resources in a single large metadata file, resources are now organized by namespace and VM.

This architectural improvement reduces memory consumption during backup operations and eliminates single points of failure during uploads. It also enables more resilient backups by allowing individual resources to succeed or fail independently, helping ensure backup jobs complete successfully at enterprise scale.

Granular Kubernetes Resource Restore
Large Kubernetes backups can contain thousands of objects across namespaces. Restoring everything when only a single resource is affected can introduce unnecessary risk and operational overhead. Granular restore capabilities allow administrators to recover specific Kubernetes resources from large backups using filters such as namespace, resource type, or resource name.

This allows teams to recover only the affected components while leaving the rest of the environment untouched, enabling faster incident response and reduced disruption during recovery operations.

Flexible Backup Scheduling
Enterprise environments often require unique backup schedules that align with maintenance windows, operational workflows, or compliance requirements. Enhanced scheduling options now makes it possible to configure backups on specific days of the week or months of the year.

These improvements give more flexibility when designing policies, making it easier to coordinate backups with application maintenance cycles and infrastructure operations.

Edit Backup Scope Without Recreating Schedules
Kubernetes environments change constantly as new workloads and namespaces are deployed. Backup policies need to adapt just as quickly. Admins can now edit label selectors on existing backup schedules directly through the Portworx Backup UI, CLI, API, or Ansible without deleting and recreating the schedule.

This makes it easy to add new workloads to existing protection policies or remove resources as environments evolve without interrupting ongoing backup operations.

Optimize Backup Efficiency
Some teams protect application data at the storage layer through snapshots or external systems. In these scenarios, backing up volume data again can introduce unnecessary duplication.

In Portworx Backup 2.9, administrators gained the ability to back up only Kubernetes volume specifications (PVC/PV) for volumes that are already resilient and stateful while skipping the underlying data. Portworx Backup 2.11.0 now makes this capability available directly through the UI, further improving backup performance and reducing storage consumption.

Documentation and Resources

For more information on all of the features in Portworx Enterprise 3.6.0 and Portworx Backup 2.11.0, including installation and upgrade guidance, refer to the following resources:

• PX- Enterprise 3.6.0 and PX-Backup 2.11.0 Technical Blog
• Full Documentation: Portworx Enterprise and Portworx Backup
• Release Notes: Portworx Enterprise 3.6.0.0 Release Notes and Portworx Backup 2.11.0.0 Release Notes

We’re proud to continue our tradition of innovation with Portworx and can’t wait to see what you build next.