GP - Fotolia

Portworx focuses on protecting container apps

The Portworx PX-Enterprise 2.2 storage software update adds single-command backup of container-based data and Kubernetes resources to S3-based object storage.

The next Portworx Enterprise update will focus on backing up and securing data in containerized applications.

Portworx Enterprise 2.2, due next month, will enable customers to do a single-command backup of container-based application data and Kubernetes configuration information to an S3-compatible object store. The data can be kept in an encrypted state throughout its lifecycle, and the customer controls the encryption key.

"Traditional enterprise backup solutions tend to focus only on data. Container backup solutions tend to focus only on the objects," said Michael Ferranti, vice president of product marketing at Portworx, based in Los Altos, Calif.

Portworx previously offered backup with its PX-DR module. But in the disaster recovery scenario, customers had to send the data and Kubernetes objects into another fully active cluster that also included compute and network resources to run the applications. Ferranti said customers also wanted to back up data volumes and Kubernetes resources to an Amazon S3-compatible object store when they don't have a zero recovery point objective or a low recovery time objective (RTO).

Portworx Enterprise 2.2 will also pull a complex Kubernetes application with multiple containers from an object store, with its data and configuration information, to restore it. Customers can configure the frequency of the snapshots that create an application-consistent copy of the distributed applications, Ferranti said.

"Just by redeploying your Kubernetes manifests, that application can be up and running again, and all of your encryption keys are maintained," Ferranti said.

Potential for overlapping backups

Other storage vendors offering container backup capabilities include Asigra, Reduxio and Storidge, according to Marc Staimer, president of Dragon Slayer Consulting. He said it was important for Portworx to add the new backup functionality, but it might not be the best option for every customer.

Staimer cautioned IT shops about the potential for overlap between the backup capabilities they might get through a container storage product such as Portworx and existing backup products that they may already have in place.

"This has been the problem with VMware- or Hyper-V-only types of backups," Staimer said. "It tends to be overlapped by other forms of backups, and that causes issues in the amount of storage that you end up utilizing for your backups. You're going to back up the same data multiple times.

"And the second aspect," Staimer said, "is when you have an outage and go through a recovery, it can get to the point where you're actually overriding previous recoveries, therefore affecting data that was created in between, because every product has a different RTO."

Staimer recommended that large organizations running mission-critical applications consider sticking with a comprehensive backup and recovery product. But he said smaller shops or departments within large organizations might find the more limited backup capabilities within a container-focused storage product such as Portworx would work fine.

'Err on the side of extra backups'

A data services manager at a large media and entertainment company that uses Portworx said he's not concerned about the potential for overlapping backups. The manager, who requested anonymity, said Portworx allows the company to schedule or take one-off backups whenever there's a need, and that process wouldn't affect existing database backups.

"The data backups that we have are looking at that data from an application perspective, whereas the Portworx snapshots are really looking at it from a block storage perspective," he said. "And the truth is, storage is cheap. As far as I'm concerned, it's better to have more backups than fewer. So, I will always err on the side of extra backups."

The data services manager said he is looking forward to Portworx Enterprise 2.2's support for the Container Runtime Interface-Open Container Initiative (CRI-O) lightweight Kubernetes container runtime that will replace Docker in Red Hat's new OpenShift 4 release.

"We're very interested in getting away from Docker. We don't want to be installing the Docker binaries on any of our systems anymore," he said, adding that Docker has gotten "big and bloated." He said his company asked Portworx to support CRI-O so his company can test it against the Google-backed, stripped-down containerd alternative.

Also new in Portworx Enterprise 2.2 is the ability to move applications to different namespaces within the same Kubernetes cluster and a built-in data caching layer to accelerate reads and writes.

According to a recent Portworx-commissioned survey, 435 IT organizations that indicated they run containers cited their top storage challenges as ensuring data security, guarding against data loss, and planning for disaster recovery and business continuity. Many respondents also noted concerns about legacy storage technologies not being a good fit for container workloads and, in general, storage that does not scale effectively with the number of containers. Aqua Security conducted the survey for Portworx.

Dig Deeper on Storage architecture and strategy