
Kubernetes Data Protection - Operational Guidelines for Kasten


After installing Veeam Kasten and learning to access the Dashboard, we can explore its key features and capabilities. These tools are essential for managing and protecting your Kubernetes environments. You can use profiles as the backbone of Kasten’s data management workflows, defining and organizing the resources needed for your organization’s tasks.

 

Creating Infrastructure Profiles

An infrastructure profile provides the necessary credentials for Kasten to directly interact with storage infrastructure, primarily for snapshot operations in environments using legacy, in-tree storage provisioners.

In most modern deployments, infrastructure profiles are not needed if the primary storage is managed via a CSI provisioner that supports creating and restoring VolumeSnapshots, as these operations are handled through the Kubernetes API server rather than directly with the storage system. However, in environments relying on in-tree provisioners, infrastructure profiles become essential. Infrastructure profiles are required to enable advanced features unavailable through CSI drivers, such as Changed Block Tracking for AWS EBS or Azure Managed Disks. Note that infrastructure profiles are not used to configure backup targets; that is the role of Location Profiles.

Below are some of the supported in-tree provisioners:

  • AWS
  • Azure
  • Google Cloud
  • Portworx
  • OpenStack

 

Creating Location Profiles

Veeam Kasten can usually invoke protection operations, such as snapshots within a cluster, without requiring additional credentials. While this might be sufficient if Veeam Kasten is running in some of (but not all) the major public clouds, and if actions are limited to a single cluster, it is not sufficient for essential operations such as performing real backups, enabling cross-cluster and cross-cloud application migration, and enabling DR of the Veeam Kasten system itself.

To enable these actions that span the lifetime of any one cluster, Veeam Kasten needs to be configured to have access to external object storage or external NFS file storage. This is accomplished via the creation of Location Profiles.

Supported location profile types include:

  • Object Storage Location: Amazon S3 or S3 Compatible Storage, Azure Storage, Google Cloud Storage
  • NFS File Storage Location
  • Veeam Repository Location

A Veeam Repository Location Profile is used to export or import vSphere CSI provisioned volume snapshot data in a supported vSphere cluster from a Veeam Repository. A Veeam Repository cannot be used to back up application metadata (manifest data), so it is always used in conjunction with another location profile that can be used to save restore point data. For more information on this, see our documentation.

 

Configuring Location Profiles

 

Location Profiles in Kasten define where backup data is stored and how it is accessed. Configuring these profiles allows seamless integration with storage solutions like S3, NFS, and VBR, while advanced options like immutability ensure data protection against threats.

Let’s explore how to set up and use Location Profiles effectively below!

 

S3 (Object Storage)

Organizations leverage S3 for long-term retention, disaster recovery, and compliance purposes. With features like Object Lock for immutability, S3 ensures that backup data remains tamper-proof, making it a reliable solution against ransomware attacks and accidental deletions.

How to Configure an S3 Location Profile:

  1. Access Credentials:
    Obtain the S3 bucket name, access key, and secret key for your object storage.

  2. Create a Location Profile:

    • Navigate to the Kasten K10 dashboard and select Location Profiles.

    • Click Add Profile and choose S3 Compatible Object Storage.

  3. Enter Details:

    • Input the bucket name, region, and endpoint URL.

    • Provide access and secret keys for authentication.

  4. Set Advanced Options:

    • Enable Object Lock for immutability if required. Note that this would require object versioning and object lock to be enabled for the bucket being configured.

    • Configure retention policies to align with your compliance needs.

  5. Test and Save:
    Validate the connection to ensure the configuration is correct, then save the profile.
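The bucket-side prerequisites from step 4, shown as an added example that is not part of the original lesson: a CloudFormation template for an Amazon S3 bucket with versioning and Object Lock enabled. It assumes AWS S3 rather than another S3-compatible store; the bucket name is a constructed placeholder, and the public access block is an added hardening assumption that the lesson does not mention.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - bucket prerequisites for an immutable backup target
Resources:
  KastenBackupBucket:
    Type: AWS::S3::Bucket
    # Keep the bucket and its locked objects if the stack is deleted.
    DeletionPolicy: Retain
    Properties:
      # Constructed placeholder; use your own bucket name.
      BucketName: example-kasten-backups
      # Both settings below are the prerequisites named in step 4.
      ObjectLockEnabled: true
      VersioningConfiguration:
        Status: Enabled
      # No default retention rule is set here; retention is configured
      # in the profile's advanced options (step 4).
      # Assumption (not from the lesson): backup buckets are never public.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```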

 

NFS (File-Based Storage)

NFS (Network File System) is ideal for environments that require high-performance, on-premises storage with access to backups. It’s commonly used for recovery scenarios, development, and testing environments or when low-latency access to backup data is critical. NFS provides seamless integration with Kubernetes clusters.

 

How to Configure an NFS Location Profile:

  1. Prepare the NFS Server:
    Ensure the NFS share is accessible from the Kubernetes cluster and has appropriate permissions.

  2. Create a PersistentVolume (PV) and PersistentVolumeClaim (PVC):

    • Create a PersistentVolume (PV) defining the NFS server, export path, storageClass and capacity details.

    • Create a PersistentVolumeClaim (PVC) with the same storage class name and capacity in the Veeam Kasten namespace (default kasten-io).

  3. Create a Location Profile:

    • Access the Kasten Dashboard and navigate to Location Profiles.

    • Click Add Profile and select NFS Server as the storage type.

    • Select the PVC you created in the previous step as the reference for storage.

  4. Save the Profile:

    • Once all details are validated, save the Location Profile for use in Kasten Policies. This profile will now be available as a storage target when configuring backup, restore, and export operations.
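The manifests for step 2, shown as an added example that is not part of the original lesson: a statically bound PV/PVC pair for the NFS share. The server name, export path, object names, storage class name, mount options and size are constructed placeholders; only the `kasten-io` namespace comes from the lesson.

```yaml
# Added example: PV/PVC pair backing an NFS Location Profile.
# Constructed placeholders: nfs.example.internal, /exports/kasten,
# kasten-nfs-pv, kasten-nfs-pvc, storage class "nfs", 100Gi.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kasten-nfs-pv
spec:
  capacity:
    storage: 100Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  # Retain keeps exported backup data on the share if the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    server: nfs.example.internal
    path: /exports/kasten
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: kasten-nfs-pvc
  # The claim must live in the Veeam Kasten namespace.
  namespace: kasten-io
spec:
  # Same storage class name and capacity as the PV, as step 2 requires.
  storageClassName: nfs
  # Pin the claim to the PV above so it cannot bind to another volume.
  volumeName: kasten-nfs-pv
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
```

Confirm that `kubectl get pvc kasten-nfs-pvc -n kasten-io` reports `Bound` before selecting the claim in the dashboard.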

 

Unlike direct connections to storage like S3 or NFS, VBR (Veeam Backup & Replication) serves as an intermediary, managing backup data within its ecosystem. Backup metadata is handled separately, offering enhanced control and operational flexibility. This works by integrating Kasten backups with existing Veeam infrastructure, allowing unified management of Kubernetes and traditional workloads.

When integrating Kasten with vSphere through VBR, it’s important to understand the restrictions that can impact backup and recovery operations. These challenges often arise due to dependencies on vSphere features, resource contention, or storage limitations. Properly addressing these restrictions ensures seamless data protection workflows for your Kubernetes workloads.

 

How Immutability Works for S3

Kasten leverages object storage features like S3 Object Lock to create write-once-read-many (WORM) backups. Immutable backups are tamper-proof, ensuring recovery integrity even in malicious scenarios.

 

By integrating immutability into your storage configurations, you create a tamper-proof layer that guarantees the integrity and reliability of your backups, making it a critical component of any comprehensive disaster recovery plan.

 

 

 
