Modern IT infrastructure is being transformed by Containers. Containers are similar to virtual machines but have relaxed isolation properties to share the operating system. The Container has its own filesystem, […]
Modern IT infrastructure is being transformed by Containers. Containers are similar to virtual machines but have relaxed isolation properties to share the operating system. The Container has its own filesystem, CPU, memory and process space. Agile application creation, continuous development, environmental consistency across development, application-centric management, efficient resource allocation and resource isolation are the key benefits of containers. Kubernetes is an open-source container management platform that unifies a cluster of machines into a single pool of compute resources.
VMware vSphere is the compute virtualization platform. VMware vSphere 7 rearchitected with native Kubernetes for application modernization that enable IT admins to use vCenter server to operate Kubernetes clusters through namespaces. VMware vSphere with Tanzu provides a platform for both traditional applications as well as modern applications so that both IT admins and developers can access developer ready infrastructure, scale with simple operations. With currently distributed container deployment, it is important to protect the workloads. Dell EMC PowerProtect Data Manager protects the workloads and ensures high availability, consistent, and reliable backup and restore for Kubernetes workload or DR situation. PowerProtect Data Manager offers centralized management, automation, multi-cloud options and advanced integration for ease and simplicity for managing workloads. PowerProtect Data Manager protects VMware Tanzu Kubernetes Grid (TKG) clusters, pods, persistent volume claims, namespaces and other resources.
The Cloud Native definition is an architectural philosophy for designing the applications and infrastructure ‘Containers’ provide a way to package and run the application. To run such applications, container orchestrator is required. Kubernetes is an open-source container orchestrator for managing containerized workloads and services, that facilitate both declarative configuration and automation. It is portable, extensible, and scalable and has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available and these days the applications are constructed of multiple microservices that run a large number of Kubernetes pods and VMs. VMware vSphere with Tanzu helps in creating Kubernetes control plane directly on VMware ESXi by creating Kubernetes layer within ESXi that are part of the Kubernetes cluster. Dell EMC PowerProtect Data Manager protects existing as well as new discovered workloads. It allows IT operations and backup admins to manage VMware Tanzu clusters and its protection through a single management UI and define protection policies for Kubernetes workloads from Kubernetes APIs. The policy driven protection is defined by the Protection Policy mechanism. PowerProtect Data Manager discovers the namespaces, labels, and pods in the environment and can be protected by providing cluster credentials Logging, Monitoring, governance and recovery are done through PowerProtect Data Manager.
PowerProtect Data Manager 19.7 introduces ability to protect Tanzu Kubernetes clusters workloads. VMware vSphere 7U1 re-architectures vSphere with native Kubernetes as its control plane. A TKG cluster is a Kubernetes cluster that runs inside the virtual machines on supervisor layer which allows to run Kubernetes with consistency. It is enabled via the TKG service for VMware vSphere and is upstream-complaint with opensource Kubernetes (Guest cluster). The Guest cluster is consitent Kubernetes cluster running on VMs and consists of its control plane VM, management plane VM, worker nodes, pods and containers. PowerProtect Data Manager protects Kubernetes workloads and ensures the data is consistent and highly available. PowerProtect Data Manager is a virtual appliance that is deployed on an ESXi host using OVA and is integrated with Dell EMC PowerProtect DD series as protection target where backups are stored. Once the discovery of cluster completes, the cluster is added as PowerProtect Data Manager asset source and associated namespaces as assets are available to be protected. During the process of the discovery, PowerProtect Data Manager creates below two namespaces in the cluster. The data is compressed and deduplicated at the source and sent to the target storage.
1. Velero-ppdm: Contains a Velero pod to backup metadata and stage to the target storage in case of a BareMetal environment. It performs PVC and metadata backup in case of VMware Cloud Native Storage (CNS).
2. PowerProtect: Contains a PowerProtect controller pod to drive Persistent Volume Claim snapshot and backup and push the backups to target storage using intermittently spawned cProxy pods.
According to Tanzu Kubernetes cluster architecture, vSphere cluster (ESXi as worker node) has Supervisor clusters and Guest Clusters (TKG Clusters). The guest clusters have their own control plane VMs, management plane, worker nodes, networking, pods and namespaces and are isolated from each other. Supervisor Clusters and Guest clusters communicate via API servers. The cProxy of PowerProtect Data Manager does not have access to supervisor resources such as FCD that gets created as part of provisioning the PersistentVolumes in guest cluster, as it is external to the clusters, therefore, PowerProtect DataManager does not use cProxy for backup and restore process. However, PowerProtect Data Manager utilizesthe vProxy based protection solution. The vProxy agent creates a snapshot of VMs data directly from the datastore. The snapshot is moved directly to the target storage where the backups are stored. When the backup job is triggered, CNDM communicates with VM direct in order to find and reserve a vProxy. The vProxy is created at the vCenter
pecifically for TKG clusters. Once the vProxy is reserved, CNDM initiates the communication with API server of the guest cluster using Velero operator. API server then communicates with PowerProtect Controller (PowerProtect namespace) where the backup job and velero backup custom resources are created. It communicates with Velero PodVM. Velero PodVM is responsible to communicate with API server of Supervisor cluster which in turn talks to MasterVM of supervisor cluster. MasterVM takes FCD snapshot of the pods using backup driver component. Once this task is completed, PowerProtect controller requests vProxy VM to move data from FCD to backup target. The Velero Pod VM has two main components i.e. vSphere Plugin which communicates with supervisor cluster and Data Domain Object store plugin communicates with backup target.
The white paper can be downloaded, by clicking the screenshot below
A previous post on the matter, can be found here
And a demo, showing how it all works, can be watched below