For the latest versions of NetApp® Astra™ Control 23.10 and Astra Trident 23.10, we are excited to announce the general availability of a rich set of features that our customers have asked for. And the most relevant new feature is the backup and restore of Kubernetes applications backed by NetApp ONTAP® qtrees, created and accessed with the ontap-nas-economy storage driver. Customers now get:
Astra Control is an application-aware data management solution that protects, recovers, and moves data-rich Kubernetes workloads in public clouds and on premises. By using industry-leading data management technology for NetApp Snapshot™ copies, backups, replication, and cloning, Astra Control enables data protection, disaster recovery, and migration for Kubernetes workloads.
Many NetApp customers use the ontap-nas-economy storage driver with Trident to provide tens of thousands of persistent volumes (PVs) to their Kubernetes clusters. The ontap-nas-economy storage driver is built on qtrees, a logically defined file system that can exist as a special subdirectory of the root directory within a NetApp FlexVol® volume. With the ontap-nas-economy driver, Kubernetes deployments can scale up to 300 qtrees per FlexVol volume, allowing tens of thousands of PVs per cluster. This massive scale makes ONTAP an appealing option for growing enterprise Kubernetes deployments. However, qtrees don’t support Snapshot copies and can’t be cloned individually. Consequently, apps that use qtrees can’t be protected effectively.
Until now, ONTAP customers could choose either scalable storage (qtrees) or data protection enabled storage (FlexVol) for their Kubernetes applications that require persistent storage. With the latest release of Astra Control, customers no longer have to choose between scale and data protection. They can protect, through backup and restore, Kubernetes applications using PVs that are backed by qtrees, which provide virtually unlimited scale.
In addition to managing and protecting the most popular Kubernetes platforms in the public cloud, with Astra Control Service (ACS), customers can now manage and protect a Kubernetes cluster in a private network on premises. Thanks to an enhanced component of Astra Control called Astra Connector, ACS can communicate with clusters in private networks on hyperscalers or on premises. With this feature, ACS provides a single console to manage both on-premises and public cloud clusters. This centralized management facilitates data and application portability between public cloud and on-premises Kubernetes and OpenShift clusters, enabling hybrid data protection as a service.
Many new regulations about data security and stricter controls require customers to encrypt data that is used by Kubernetes applications everywhere. With Astra Control, customers can now encrypt data in transit, also known as in-flight encryption, between the containers that are running applications and the PVs that store application data. With this new feature, customers can use Kerberos v5 to create a storage backend and storage class, providing in-flight encryption to all PVs that are created using that backend.
Some customers want to use immutable or write once, read many (WORM) buckets to store their backups in a place that’s safe from ransomware or hackers’ attacks. With the latest release, Astra Control automatically recognizes the object storage lock that’s configured, marks the bucket as immutable, and honors the retention period that’s configured in the buckets that store backups. If an attacker gains access to an administrator Astra account, they can’t delete any backups that are part of the immutable bucket until the retention period has expired.
Astra Control Service now supports Red Hat OpenShift Service on AWS (ROSA) clusters for data protection and portability on all possible architecture models:
The supported storage backends for ROSA are FSx for NetApp ONTAP, Amazon EBS, and NetApp CVO.
Customers are demanding better performance for persistent block storage for their Kubernetes deployments at scale. NVMe/TCP is gaining in popularity, and the latest version of Astra Trident can provision block storage by using NVMe/TCP. In addition, Astra Control protects applications by using this protocol to create and to access PVs. Customers can select this new protocol by using sanType=nvme in the Trident backend definition for an ONTAP SAN type of backend. It supports the following volume access modes: RWO, RWOP, and RWX (for raw volumes: volumeMode:Block).
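As an added illustration (not taken from the original post or from NetApp's documentation), the manifests below show where sanType sits in a Trident backend definition and how a claim requests a shared raw block volume. Every name, the address, and the Secret are placeholders, and the Secret is assumed to hold SVM-scoped credentials.

```yaml
# Added example: all names, the address and the Secret are placeholders.
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-ontap-nvme          # placeholder
  namespace: trident
spec:
  version: 1
  storageDriverName: ontap-san      # ONTAP SAN type of backend
  sanType: nvme                     # NVMe/TCP; leaving it unset selects iSCSI
  managementLIF: 192.0.2.10         # documentation-range address (placeholder)
  svm: svm-k8s                      # placeholder SVM name
  credentials:
    name: ontap-svm-credentials     # Secret assumed to hold an SVM-scoped account
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ontap-nvme-tcp              # placeholder
provisioner: csi.trident.netapp.io
parameters:
  backendType: ontap-san
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: raw-shared-block            # placeholder
spec:
  storageClassName: ontap-nvme-tcp
  volumeMode: Block                 # RWX applies to raw block volumes
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
```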
Astra Control now offers advanced storage management, access, and provisioning in addition to Container Storage Interface (CSI) specification–compliant functionality. For customers and partners who are building their own Kubernetes data management control plane but need foundational storage management functionality to do so, this latest release documents and supports the following set of features:
With this release, Astra Control no longer requires ONTAP cluster administrator credentials for NetApp SnapMirror® disaster recovery. Instead, it delegates the integration with SnapMirror to the storage provisioning system, which requires only storage VM (SVM) credentials.
These Astra Control and Astra Trident updates deliver exciting new app data management functionality and mitigate many of the customer pain points that are associated with Kubernetes data protection and storage management. Free trials are available for Astra Control. To get started, sign up for a free trial today.
Luis Rico is a highly accomplished and respected specialist in data storage, data protection, and disaster recovery. Luis has spent the past 18 years in the data storage industry as a presales consultant helping enterprise customers across the globe. He has been working with persistent storage in Kubernetes and OpenShift since early 2017. At NetApp, Luis is a principal product manager for Astra—a fully managed (SaaS) hybrid multicloud data management solution for Kubernetes applications. Before NetApp, he was a principal solution architect at Red Hat, working with Gluster, Ceph, and OpenShift Data Foundation.