HomeOperationsAutomated OperationsMaking sense of Container Data Protection

Making sense of Container Data Protection

This question is often translated into “why backup containers?”. Perhaps the challenge is not about backing up containers but protecting modern containerized applications. Does it make sense to do container data protection?

Why Microservices should be protected?

Microservices are a modern way to deploy platforms. Whether we’re knee-deep into microservices or whether we think containers are the next OpenStack, the reality is that organizations and developers are adopting microservices at an increased pace.

Photo by Max Chen on Unsplash
Photo by Max Chen on Unsplash

In fact, microservices have started to permeate even into the most conservative corporate organizations. As soon as microservices start supporting business processes, they become key corporate assets that need to be protected, just like any other application.

Containers aren’t Virtual Machines

The most common misconception when considering container data protection is to rely on the same approach used with traditional workloads. Unlike virtual machines, it isn’t always clear what needs to be backed up to check the box of data protection.

Courtesy of https://www.weave.works/

Containers provide greater flexibility at the cost of more moving pieces. Persistent application data is one of the easy pieces of the puzzle, but what about container images? It isn’t as straightforward, as they can be stateful or stateless. And if a container is stateless, per its own definition there is no state to be saved. Backing up such a container wouldn’t be a warranty that data and application context are adequately protected.

Challenges of Microservices

Protecting microservices adequately requires adequate coordination. Unlike a virtual machine, there are multiple pieces and dependencies that must be tied together:

  • Persistent application data must be protected
  • The application itself must be protected, which may comprise one or more microservices, containers, 3rd party API services, and more.
  • The application state and dependencies between microservices must also be protected, which consists of metadata, configuration, etc.

Saving the application context as well as the application data is essential to attain complete workload data protection in the world of microservices.

Another key tenet is portability. Not only all these components have to be protected in a consistent form, but the data protection platform must also allow for seamless restores, regardless of the platform location. This critical aspect should not be undervalued when assessing data protection platforms: a backup is worthless if it can’t be restored adequately or at all.

Microservices Data Protection Done Right: Cohesity’s Example

Data Protection for containers needs to shed existing approaches and be built from the ground up to provide a native experience. Among several vendors who are looking at tackling the challenge, Cohesity’s approach is particularly interesting.

Cohesity logo

Instead of looking at containers & microservices from the traditional perspective, Cohesity interfaces with Kubernetes to identify namespaces. A Kubernetes cluster can have one or more namespaces. Multiple namespaces allow different teams or users to share a Kubernetes cluster, while having different authorization rules or policies (quotas, etc.). Namespaces are also used to determine pods, services and deployments within a cluster.

The use of namespaces is clever; it allows Cohesity to perform application-consistent snapshots which covers containers and their dependencies (metadata, persistent volumes, etc.), but also provides granular data protection and recovery capabilities.

Instead of backing up a single container or cluster, namespaces can be used to protect a specific application, or a specific development environment. If an organization uses a production, a development, and a test namespace, they might want to protect their production environment with a higher frequency, development with less stringent rules, and may want to skip tests entirely.

Figure 1 – This diagram depicts the mechanisms used by Cohesity DataPlatform to natively protect Kubernetes namespaces

Cohesity DataPlatform allows single-click recovery of protected applications to any location: on-premises and major public cloud providers (AWS, Azure, Google Cloud Data Platform).

Conclusion: Beyond Microservices

During product evaluation, understanding the full breadth of applications, platforms and use cases supported is key. This is especially true in Enterprise IT, where feature-deep but narrow-focused products are inevitably put aside during the first evaluation rounds.

Organizations usually favor products that support a wide spectrum of use cases with adequate support for each use case. Most often, the reality is that support is either limited or inadequate.

In our view, this is an area where Cohesity has a competitive edge against other contenders. Cohesity has focused over the past years on building a data platform that is centered on data protection and secondary data use cases.

The convergence of both makes Cohesity an ideal candidate to support a broad spectrum of data protection use cases. Native support of microservices use cases can coexist with more traditional technology stacks usually managed in Enterprise IT.

All these workloads are managed from a single platform, reducing operational complexity, lowering TCO and increasing ROI.


Receive our top stories directly in your inbox!

Sign up for our Newsletters