cutimage - Fotolia
Portworx adds security and DR options for container storage
Cisco, Hewlett Packard Enterprise and NetApp have invested in the container storage software startup. Now, the company aims to get those vendors' customers interested.
As containers and Kubernetes gain acceptance and require persistent storage, developers need tools to protect their stateful workloads. Portworx, an early player in container management software, has expanded its core product to help meet that growing demand.
Portworx was established in 2014 to deliver software for cloud-based storage and data management for containers. This month, it added disaster recovery and security options to its Portworx Enterprise application. PX-DR is a new feature of Portworx Enterprise 2.1, while PX-Security now includes roles-based access controls. Other parts of Portworx Enterprise include PX-Store, PX-Central and PX-Data Management. Portworx competes with other startups, as well as established storage vendors, that want to provide container management in their products.
New DR capabilities
The new PX-DR functionality enables users to synchronously replicate data across cloud sites within the same metropolitan area. For instance, a customer could fail over an application from AWS to Microsoft Azure, or vice versa, with no data loss if a data center in the stretch cluster went down.
Portworx Enterprise 2.1 also enables asynchronous replication of Kubernetes applications and data across geographies via a WAN. For instance, a customer could set a policy to back up a container-based application and its data from AWS' U.S. East availability zone to AWS U.S. West on a specific schedule. The user could fail over the application to the distant site if a data center goes down or the Kubernetes application needs an update.
Containers were generally stateless and used only ephemeral storage prior to the debut of Docker volume plugins in 2015. The next year, Kubernetes added similar functionality, with in-tree volume drivers for persistent storage of stateful application data.
"DR [disaster recovery] is probably the newest challenge for containers because of the increasing significance of the applications that are moving to containers," wrote Steven Hill, a senior analyst at 451 Research, in an email. "Providing persistent storage for containers is one thing, but protecting that storage is another. The storage industry as a whole is just starting to figure out how to provide data protection for business data that needs to be as mobile as their containers."
Security functionality
Portworx previously supported key management systems, such as AWS Key Management Service and HashiCorp Vault, which let customers control encryption keys for security. With PX-Security, the vendor adds support for role-based access controls at the container volume level. PX-Security integrates with authentication and authorization technologies, such as Active Directory and the Lightweight Directory Access Protocol.
Enrico Signoretti, a senior data storage analyst at GigaOm, based in Austin, Texas, said Portworx had to add DR and security features for enterprises to consider it for important application workloads. But he said most enterprises are just beginning to use or consider containers for persistent storage.
Signoretti said users could go with a startup, such as Datera, Portworx or StorageOS, that has designed storage specifically for containers. Or, they could opt for an established vendor, such as NetApp or Red Hat, that has added capabilities to make their storage products "container-friendly," he said.
Portworx has gained the attention of some of those established vendors. Cisco, Hewlett Packard Enterprise and NetApp all invested in Portworx's recently closed $27 million Series C funding round. Now, Portworx will try to make its software attractive to its new investors' customers as they increase their container adoption.
"It's easier probably for most enterprises to start with the storage system they already have in place that has an integration with containers," Signoretti said. "But in the medium or long term, if they are focusing on building a large container infrastructure, then thinking about something that is designed for this technology is better."
Kris Watson, CEO and co-founder of Portworx customer Compute Stacks, based in Portland, Ore., said he's looking forward to the new per-volume access control. Compute Stacks built a multi-tenant container platform for its service provider customers that sell cloud services, such as web hosting or email.
"With our integration with Portworx 2.1, we can enable service providers to sell container applications that are locked into a specific volume," Watson wrote in an email. "This would prevent an unauthorized user from manually mounting that volume to another container and accessing that user's data."
Watson said he's also eager to try the new PX-DR functionality to enable customers to keep a full, up-to-date standby cluster and potentially offer premium options with higher service-level agreements. Until now, he said, he has had to use snapshots to back up individual volumes to Amazon S3-compatible storage, and recovery time would be significant in the event of a cluster failure.