As we wrap up the 2021 VMblog Mega Series Q&A series, we speak with Sathya Sankaran, Chief Operating Officer at Catalogic Software, and we're diving into the topic of Kubernetes and containers.

Sathya Sankaran:  Catalogic Software had been in the data protection business for over 25 years. In November 2020, we launched CloudCasa, a new Kubernetes backup-as-a-service offering with a free service for Kubernetes developers. In May 2021, we sold our enterprise copy data management business to our strategic partner IBM, providing the capital for us to accelerate our entry into this new and exciting cloud-native data protection market. We have quickly caught up with the early market leaders and recently CloudCasa was recognized as a fast mover and emerging leader in the GigaOm Radar for Kubernetes Data Protection report.

In 2022, we will expand our enterprise multi-platform, multi-cloud, and multi-team capabilities and deliver new cyber resiliency features and continue to offer great value to developers and DevOps teams with our free service plan.  And we look forward to meeting people in person at the KubeCon + CloudNativeCon conferences in Europe in May and in North America in September.

VMblog:  We are here to talk about Containers and Kubernetes. How does your company define it and look at it?

Sankaran:  Containers are at the core of many digital transformation initiatives where a top business driver is to speed up the development and delivery of applications in cloud environments. Containers are a natural evolution from virtual machines to a more granular and portable application environment in clouds. Kubernetes has emerged as the de facto, open source platform for managing containers, including automating deployment, scaling, and operations of containers across clusters of hosts.

The opportunity we see with containers and Kubernetes is to address the services not provide by Kubernetes including data protection and disaster recovery across multiple Kubernetes and cloud environments.

VMblog:  What are some of the benefits of Containers and Kubernetes that people should be aware of?

Sankaran:  Enterprises are always trying to do more with less and containers are the latest computing abstraction and efficiency framework for cloud computing and cloud applications. Containers reduce the footprint of applications and make them more computationally efficient, and in addition, they make your code portable to many different platforms at once.

VMblog:  For the less-technically knowledgeable business user, how do you describe containers and Kubernetes and why they are important?

Sankaran:  Here's an analogy - most of us drive to a grocery store in a car. A car is a framework for orchestrating a million discrete parts (the microservices) that work in conjunction in the car to get you to the grocery store. Similarly, containers are the discrete parts (the microservices) that make up an application. Kubernetes is the car orchestration framework that provides granular control of the microservices, to make sure the containers are all working in sync and allowing the application to scale up or down when you press on the gas or brakes.

VMblog:  Are there any drawbacks to containers that people should be aware of?

Sankaran:  While containers and Kubernetes give you plenty of granularity and flexibility, the skillsets needed today are higher than compared to maintaining virtualized applications. Also, think back to when organizations started projects to transition to VMware, but there was a shortage of people and experience on how best to operate in a virtualized environment. We currently have a similar shortage of DevOps and Kubernetes skills and experience.

VMblog:  What are the top challenges of DevOps implementations?

Sankaran:  In some ways the challenges of the DevOps model are related to its strengths. DevOps is intended to make the enterprise nimbler by decreasing the time it takes to deliver new applications or iterate on existing ones. It does this by breaking down some traditional organizational barriers. The DevOps team is empowered to make rapid application changes and bring them to production, along with whatever infrastructure changes are necessary to support them. This is very effective, because the development team typically has the best understanding of the application and what it needs to run. However, they don't always have the deep understanding that specialist IT teams have of ancillary areas like data protection, security, networking, monitoring, etc. And due to the velocity that DevOps teams can operate at, sometime these topics don't get the attention they need.

VMblog:  What are the current Kubernetes and Container trends your company is seeing in the market?

Sankaran:  Trends are often nothing but our collective reaction to customer demands.

Trend 1: Multi-cloud applications

Portability is great, but I want simultaneous interoperability in a multi-cloud environment. As we see more cloud outages as we have seen with AWS, there will be a tremendous opportunity to build solutions that work seamlessly across different cloud environments.

Trend 2: Cyber Resilience

We write code once; it can run anywhere, but is it malware? All kidding aside, security is a joint responsibility when it comes to cloud environments. We see cyber resilience becoming a prime design consideration when it comes to Kubernetes environments.

Trend 3: Skills Shortage

Where are the Kubernetes experts at? Over 100,000 people registered for Kubernetes certification courses in the last year alone. The industry is adding skills at a rate that is comparable to the rise of VMware 15 years ago. Learn or be left behind.

VMblog:  What role does a Kubernetes software platform play in the public cloud?

Sankaran:  Kubernetes has become the de facto standard platform for how new applications are deployed into the public cloud. We see three types of applications in public cloud:

• Cloud-native - Applications that are born in the cloud. These tend to be containerized more often than not, and Kubernetes is already the de facto standard here for AWS, Azure and Google.
• Cloud-migrated - Applications that have been lifted and shifted to the cloud. This is often due to someone's vision to rely on cloud computing rather than expanding a datacenter footprint.
• Cloud-transformed - Applications that were migrated but are now being re-platformed to optimize for cloud resources. Much of Kubernetes' initial growth will come from this bucket of application. Adoption will not be a problem because it can show tremendous cost savings when transformed.

Sankaran:  In addition to the growing need for skillset, we see 3 main challenges:

1. Security - More moving parts in the open can imply more holes to take advantage of. Do you want your clusters mining crypto for someone else at your expense?
2. Governance- Multi-cloud operations, data protection, multi-tenancy are all challenges that the ecosystem is fast addressing.
3. Observability - The eventual success of Kubernetes will be when people can understand and manage their operations and see that they have it under control.

VMblog:  What are key best practices that enterprises leverage to help mitigate management challenges of large-scale container usage?

Sankaran:  Based on the above challenges, here are some corresponding best practices:

1. Security - It is important to design applications with security in mind. Start with a security posture review that spans across your Kubernetes environments as well as your cloud environment.  Keep in mind that Security is a layered concept, and it is not a discrete state. The more layers (configuration, container, and network scans) you add to protect your environment, the harder it is for a cyber attacker to find vulnerabilities to exploit.
2. Governance - Go back to your basics. In our line of business, it is both fascinating and frustrating to see people choose to not do backups because of misconceptions such as "containers don't persist state" and "our cloud provider takes care of backups."
3. Observability - If you are using Kubernetes and not using an open source monitoring tool like Prometheus, you are doing it all wrong. By the way, don't forget to backup your Prometheus configuration and data as well.

VMblog:  Data security and governance, especially with the emergence of the cloud, are top concerns of modern enterprises. Do containerized applications pose the same risk to data?

Sankaran:  In many ways, the risks are the same, but new security solutions are needed. We think of Security in two ways:

• Protecting your data from unauthorized access: Containers have isolation built into their namespaces framework to limit unauthorized interactions. But runtime security becomes extremely important to make sure containers are doing what you want them to do.
• Protecting you from uninterrupted operations: Locking someone out of your car is easier than protecting your side mirrors, exhaust, and tires from tampering. Containers have more layers and more dynamism, and that requires more protection. Cloud providers help, but enterprises need to do their part with purpose built vulnerability management tools and services.
  

VMblog:  Where does your company and product lines fit within the Container and Kubernetes space? 

Sankaran:  At Catalogic, we've built a cloud native (born in Kubernetes in the cloud) backup service called CloudCasa that is focused on protecting container and cloud native workloads. We are educating users every day that containers generate persistent data more and more and that data needs to be backed with retention polices for compliance. We are also helping them understand that the public cloud provider, or your IT team if self-hosting Kubernetes, cannot restore your Kubernetes environment in case of data loss if you don't backup your Kubernetes resources and your application data.  This is like the early days of VMware when restoring a server or a volume snapshot did not restore the VMware environment, and VM backup specialists like Veeam arose.

VMblog:  Finally, how are you different from your competitors?  Why would someone prefer your offerings to those provided by others in the industry?

Sankaran:  

1. CloudCasa is a SaaS application that was built with Kubernetes for Kubernetes environments. DevOps and developers are already managing a million moving parts that are constantly changing underneath them. CloudCasa does all the work for them to protect and recover their applications and data. And as a SaaS application, there is no software to install and patch and no need to manage a backup environment or even to monitor the backups, given CloudCasa does that for you also.
2. CloudCasa is cloud-aware.  Sounds kind of obvious to say that, but as an application built with Kubernetes to support all distributions and clouds, and that runs in multiple cloud environments, we really understand Kubernetes and the differences between public clouds, so we can hide all that complexity.
3. Catalogic is proactive with security: As your data insurance policy, we are also motivated to help ensure that your data and your Kubernetes and cloud environments are secure. Therefore, we have built in security scans for your Kubernetes and Cloud environments that warn you ahead of what you need to do to be cyber resilient and prevent data loss and interruptions.
4. Free Service Plan - CloudCasa is free forever if you just want to protect your data with snapshots.  The free plan supports an unlimited number of worker nodes and clusters across multiple distributions and cloud providers, even on-premises.  We only charges users when they want to make backup copies with retention policies in addition to managing snapshots.