Running data-rich applications in containers allows enterprise IT organizations to run cloud-native services on their…
March 19, 2019
Portworx Enables True Cloud Native Data Security and Disaster Recovery for Kubernetes
Portworx customers have been running cloud native applications in production and taking on the task of modernizing applications with containers, Kubernetes automation, and multi-cloud deployments head-on. We’ve written about the evolution of the Portworx Platform to solve the top data challenges holding back Kubernetes adoption before. Most recently we addressed the data portability challenges with our 2.0 release. Now, with the upcoming 2.1 release of Portworx Enterprise, we are enabling enterprise IT departments to meet their business goals for cloud native applications with key enhancements in data security and disaster recovery.
As these companies increase density and expand to multiple clouds, it is critical for IT to maintain the development agility while keeping control from a security and business continuity perspective. The non-negotiable business requirements of security and data protection are uniquely addressed with the addition of two powerful new capabilities to the Portworx Platform: PX-Security and PX-DR.
Complete control over your mission-critical data with PX-Security
Enterprises have established security policies when it comes to controlling how the users setup authentication credentials and what they are privileged to access. These controls are often determined by the group they belong to or the role they are in. This is often implemented via integration with standard user management systems like LDAP or Active Directory. As enterprises keep adding products and services to their portfolio, they expand these sets of controls to prevent compromises and breaches. Cloud native applications are no exception to this and even though a subset of such controls exist in Kubernetes, there is no way to authenticate and authorize access to data. By adding these features natively in the data layer for containers, the Portworx platform brings self-service and trust together to empower greater agility in application development.
Prior to this release, the core feature of PX-Security was container-granular bring your own key (BYOK) encryption. Now, PX-Security extends the Portworx platform to include container-granular role-based authentication, authorization, and ownership in addition to encryption as described below:
- Authentication: JSON Web Token Based model. Comes with OpenID Connect (OIDC) tokens.
- Authorization: Standard Roles Based Access Control (RBAC) integrated into the Portworx SDK. Comes with default roles and can be enabled for custom roles.
- Ownership: Resource Ownership model with unix style permissions for groups and collaborators.
- Encryption: Data Encryption as well as encrypted access to SDK.
By integrating the security layer with the Openstorage SDK and adhering to industry web standards, PX-Security makes it easy for customers to securely onboard new applications to the Portworx Platform with a cloud native architecture for the enterprise. Starting in the 2.1 release, PX-Security is available in every Portworx Enterprise deployment.
While data security is critical to moving enterprise apps to Kubernetes, it is not sufficient. Additionally, as customers extend their cloud native journey to run across data centers, Portworx also has an update to support full disaster recovery.
Introducing PX-DR with Complete Application and Data Recovery
Existing business continuity and disaster recovery solutions work only with specific hardware, need complex networking changes, and do not fit within today’s cloud native workflows. As global enterprises move their mission-critical applications into Kubernetes, one requirement has become clear — customers require the ability to run applications continuously and to be able to survive any level of outage.
But legacy approaches to business continuity (BC) and disaster recovery (DR) do not work with Kubernetes. In every Kubernetes cluster, applications get packaged in Pods, managed by controllers, authorized by namespaces, and access data through Persistent Volume Claims. Blindly replicating at a SAN level between data centers– without Kubernetes applications– is totally insufficient. That would be like moving all the money in a bank’s vault but losing the records for ownership. Moving the Kubernetes application without their data is also a nonstarter.
At Portworx, we worked closely with some of the largest enterprises to develop a true cloud native approach to business continuity and disaster recovery that we simply call PX-DR. Launched today, PX-DR integrates with Kubernetes to provide a true cloud native solution to BC/DR.
First in the industry, PX-DR enables complete Kubernetes failover protection and supports:
- Kubernetes app protection that is namespace aware. Enterprise architects can select which applications to protect and the level of protection based on Kubernetes namespaces. Now the most important applications can be protected with fine-grained control.
- Mediator that is integrated with enterprise data centers. PX-DR mediates failover using on-prem hooks and alternatively, a Portworx provided web service. Mediation does not require another site and can be run in air-gapped data centers.
In order to support any data center topology, PX-DR replicates data synchronously or asynchronously in/across:
- Campus networks where two data centers have latency connections under 15 ms round-trip. A single Portworx cluster stretches across data centers and enables RPO zero failover. Moreover, Portworx runs over TCP/IP and thereby avoids complex low-level networking changes that other solutions require.
- WAN data centers where two independent clusters asynchronously replicate Kubernetes applications and their data.
Finally, because PX-DR is fully integrated with Kubernetes, Kubernetes administrators and IT now have a true cloud native approach to recover apps and data. With PX-DR, the Kubernetes cluster can be configured where an:
- Active Kubernetes cluster continuously updates application changes to a Standby cluster or send updates every 15 minutes or hourly. Again, policies can be defined at the Kubernetes namespace level.
- Standby Kubernetes cluster has every controller (Stateful set, Replication controller) ready to spin up Pods. So now all applications (that use data and that don’t) can launch and serve users for a near zero RTO recovery of apps and data.
The complete PX-DR solution is available as an add-on to Portworx Enterprise 2.1 deployments.
Find out More about 2.1
Every release at Portworx is thanks to the dedication of our team and our customers. Cloud native is not just an industry trend, it’s also an exciting area of product development where customers are working with vendors to transform application delivery and data center infrastructure. On behalf of Portworx, thanks to our customers that helped us define and co-create this latest release of Portworx Enterprise.
To find out more about this latest 2.1 release, please join us in our upcoming webinar scheduled for March 27th at 9 AM PT/12 PM ET/4 PM GMT. In the meantime, follow us on Twitter, join our Slack channel, and reach out to talk cloud native storage and data management!