PX-Central is a unified, multi-user, multi-cluster management interface. Using PX-Central, users can backup/restore Kubernetes…
May 4, 2021
Introducing PX-Backup 2.0: More Kubernetes data protection security and scalability for you than ever before
Today I’m happy to announce the upcoming release of Portworx® PX-Backup 2.0. PX-Backup delivers application-aware backup and restore for Kubernetes workloads. It offers enterprise scale and self-service access, providing application owners cloud-like agility and security.
This release is an important milestone for PX-Backup, and I would like to thank the engineering team who has worked extremely hard on it and the many customers who have given us feedback.
Kubernetes is emerging as the platform that modern applications are being built on. Businesses are moving their production workloads and stateful apps to a containerized architecture. We strongly believe that this trend will continue in the years to come, and the key drivers to accelerating this adoption will be hybrid cloud mobility and data protection.
For any modern application, we need to strike a balance between delivering features that will enable agility that will allow the developers to build applications faster and more security and the control that enterprises have come to expect. This needs to be done at a scale much higher than what traditional applications are used to. The data protection products that support Kubernetes workloads today address one or the other—but not both. The traditional vendors have expertise in enterprises and tend to focus on security and scale, but they are extremely difficult to install and manage and are not friendly to application developers. Kubernetes-specific products, on the other hand, focus on the application owners—and rightly so—but fail to address the security and governance requirements that are needed to meet enterprise standards.
With PX-Backup, we take a zero compromise approach. PX-Backup was built for Kubernetes from day one and allows application owners to protect their business-critical workloads. It was also built for scale to support the hundreds or thousands of objects that Kubernetes workloads demand. With this release of PX-Backup v2.0, we are doubling down on our efforts to make the product scale to much larger enterprises—while still offering cloud-like agility.
New architecture built to scale to meet your needs
We have changed our architecture, one of the reasons for bumping the version number to 2.0, and are introducing a new internal metadata database that allows us to scale to millions of objects. In PX-Backup 2.0 deployments, you will see three new pods spread across your cluster to ensure high availability. Current PX-Backup 1.2 customers will be automatically and seamlessly migrated to the new database structure. PX-Backup will install and maintain this database, and no user intervention is required.
Secure self-service data protection management
The key driver for this release is the enhancement in Role Based Access Control (RBAC). While PX-Backup already offered self-service access for application owners, enterprises require control over objects that are being accessed by the app owners and also need to ensure there is proper governance around the level of permissions that the app owners and users get. With the new RBAC changes, PX-Backup allows organizations to authorize the users or user groups using their existing authentication service via OIDC (like Active Directory, LDAP, Okta, etc.) and map them to roles in the product. These roles control the permissions and the actions that a user is allowed to perform. Admins will also be allowed to set the scope of access and allow multiple users to share resources.
There are three new built-in roles with each PX-Backup deployment that closely match the user personas managing the Kubernetes applications and the infrastructure.
The roles are
Infrastructure Admin: This is the infrastructure owner, who has admin privileges for all PX-Backup Objects, like cloud accounts, backup locations, schedules, and rules.
Application Admin: This is the application owner, who can fully manage the apps they own. The Application Admin has admin privileges for schedules and rules and can use existing cloud accounts
Application User: This is a user of an application, who can backup and restore their application but cannot create a schedule policy or rules.
We also allow admins in the organization to create their own custom rules in case the built-in roles don’t fully meet their requirements.
In this model, application developers don’t have to worry about infrastructure management. They simply add their cluster and can view and protect the apps that they have permissions for, while the infrastructure owner does not have to manage protection for each application. Infrastructure owners or any user can create a shared resource pool to share backup locations, schedules, and backup rules with other users. The RBAC enhancements offer perfect harmony between developers and infrastructure owners.
New manageability and usability enhancements to ease Kubernetes data protection
Wait—there’s more. We have also added features that will greatly help with the general usability of the product.
Activity Timeline View: This is a dashboard view of Backup summary that will help users easily track backup completions and failures. Users will be able to use the interactive graph view to see a daily summary view or a more granular hourly view to filter specific time periods and see more details about the backups. The graph makes it very easy to isolate failures. It will also help users plan their backup, as the graph will show the busy time frame and where there are many backup jobs, and it will allow users to evenly distribute it across their backup window.
Application grouping: Modern workloads are application centric and are driven by application owners. It’s important to provide an application-first view when they set up data protection policies. This enhancement provides an app or namespace-grouped view of all the resources. App owners can still get a detailed view of all the resources—like Persistent Volume Claims (PVCs) deployments, secrets, and other resource types that are part of the application. They also get the granularity of picking individual resources when they restore. Some users want the ability to pick just the data (PVCs) and back up more frequently compared to the other resources. This view provides them the flexibility to do that.
Real-time monitoring with Prometheus and Grafana: Prometheus and Grafana are the de facto tools used by Kubernetes administrators to get information about their environment. PX-Backup integrates with these tools to provide real-time information. This allows admins to track data protection status and get alerted about issues in the tool that they already use and are familiar with. You can find more details about the integration and setup here.
Availability in cloud marketplaces: PX-Backup is designed for protecting cloud native workloads. Users can install it in the cloud or on-premises. We are making the cloud deployment easier by integrating in-cloud marketplaces. PX-Backup can now be purchased from the AWS Marketplace and IBM Cloud Catalog. Billing is integrated as well via a pay-as-you-go subscription model, where the usage is charged on an hourly basis. You can subscribe to these services by going to the AWS Marketplace and IBM Cloud Catalog links.
Guided onboarding: The initial getting started experience is the most crucial part for the adoption of any product. We pride ourselves on being one of the easiest-to-use data protection products in the market. We have simplified this process even further by providing a step-by-step click-through guide to help users complete the initial setup process. The guide will walk users through the steps to add a cluster, create schedules, and to add their backup targets.
PX-Backup 2.0 and PX-Backup in AWS Marketplace will be available by the end of May 2021.