Itzikr's Blog

The traditional application development and deployment models that defined the business of yesteryear has given way to a new wave of flexible and agile applications that allow businesses to quickly respond to the rapidly changing needs of today’s diverse economic and technological landscape. The need to meet the growing needs of the business and the applications that support them are driving cloud strategies, and most organizations are pursuing a hybrid and multi-cloud strategy.

Within that strategy is the adoption of cloud native solutions whereby container-based applications are the choice of enterprise and cloud developers to meet the agility of the business. The most predominant method to orchestrate the container environment is with Kubernetes. As the adoption of Kubernetes grows, Dell Technologies is in lock step innovating along the way. Today, 80% of those Kubernetes workloads are being placed in VMware virtual machines.

Dell Technologies and VMware are helping customers change evolve their infrastructure to support modern applications with consistent operations and increased choice across hybrid cloud architectures. Dell EMC PowerProtect Data Manager brings enterprise data protection for the VMware Tanzu portfolio, on-premises and in the cloud. With VMware running Kubernetes everywhere, enabling the protection of Tanzu is essential for business operations.

The virtual Kubernetes environments are mostly VMware based. With this method of deployment, the persistent volumes are carved with VMware vSphere managed storage as First Class Disk. A FirstClass Disk (FCD) refers to Improved Virtual Disk (IVD) is one of the recent features of VMware vSphere. FCD is the independent disk which is not associated with VM. When Persistent Volumes for cloud native application is created, a virtual disk (VMDK) is attached to Kubernetes node. The disk backup of FCD is similar to that of other VMDKs. The container orchestrates volume snapshot backup with which the volume snapshot is taken, mounted, and streamed block data to target storage. For application level backups, pre and post-hooks are used which quiesce the database, flush, and take snapshots of PVs.

PowerProtect Data Manager 19.7 introduces ability to protect Kubernetes workloads on VMware TKG. The integration between PowerStore and PowerProtect enables backup and recovery of vVol and VMFS based VMware Tanzu Kubernetes clusters with operational simplicity, agility, flexibility.

VMware vSphere 7U1 re-architectures vSphere with native Kubernetes as its control plane. A TKG cluster is a Kubernetes cluster that runs inside the virtual machines on supervisor layer which allows to run Kubernetes with consistency. It is enabled via the TKG service for VMware vSphere and is upstream-complaint with opensource Kubernetes (Guest cluster). The Guest cluster is consistent Kubernetes cluster running on VMs and consists of its control plane VM, management plane VM, worker nodes, pods and containers.

In vSphere with Tnazu, Persistent storage is presented through the VMware CSI driver, called CNS (Cloud Native Storage). CNS uses existing storage options for storage provisioning, in a new way. First it is based on Storage Policies as we saw before and furthermore, it uses first class disks instead of standard disks.

By storing Tanzu workload on PowerStore VVOL, each Kubernetes persistent volumes is an FCD

FCD are just virtual disks, but in the API they are 1st class objects–they can be created and exist independently of a VM. Which makes sense for something a container.

FCDs can be created, snapshotted, resized, etc just like a virtual disk but without a VM to own it, this is exactly what Kubenrers persistent volume claim is

With vVols, when a new snapshot is created, VMware does not create the performance-impacting delta VMDK files that were traditionally used, but instead VMware entirely offloads this process to the array, So the array creates the snapshots and VMware just tracks them.

These snapshots called Managed snapshots.

A major benefit for VVols with Powerstore is that snapshots are now Powerstore volume copies, which are globally data reduced , metadata based (so their creation, restore from and deletion is instantaneous) and are not copy-on-write (so there’s no performance impact during backup operations).

According to VMware TKG architecture, vSphere cluster (ESXi as worker node) has Supervisor clusters and Guest Clusters (TKG Clusters). The guest clusters have their own control plane VMs, management plane, worker nodes, networking, pods and namespaces and are isolated from each other. Supervisor Clusters and Guest clusters communicate via API servers. The cProxy of PowerProtect Data Manager does not have access to the pods running on the guest clusters as it is external to the clusters, therefore, PowerProtect Data Manager does not use cProxy for backup and restore process. However, PowerProtect Data Manager utilizes the vProxy based protection solution. The vProxy agent creates a snapshot of VMs data directly from the datastore. The snapshot is moved directly to the target storage where the backups are stored. When the backup job is triggered, CNDM communicates with VM direct in order to find and reserve a vProxy. The vProxy is created at the vCenter specifically for TKG clusters. Once the vProxy is reserved, CNDM initiates the communication with API server of the guest cluster using Velero operator. API server then communicates with PowerProtect Controller (PowerProtect namespace) where the backup job and velero backup custom resources are created. It communicates with Velero PodVM.

Velero PodVM is responsible to communicate with API server of Supervisor cluster which in turn talks to MasterVM of supervisor cluster. MasterVM takes FCD snapshot of the pods using backup driver component. Once this task is completed, PowerProtect controller requests vProxy VM to move data from FCD to backup target. The Velero Pod VM has two main components i.e. vSphere Plugin which communicates with supervisor cluster and Data Domain Object store plugin communicates with backup target.

Below, you can see a demo how it all works together