VMware Tanzu Mission Controlがデータ保護を取得

VMwareは、Tanzu Mission Control製品にディザスタリカバリコンポーネントを追加しました。これにより、IT部門は夜間の睡眠が改善されます。VMware added a disaster recovery component to its Tanzu Mission Control product that should allow IT departments to sleep better at night. That new feature is data protection, which allows for central management of data protection of Kubernetes clusters running across multiple environments. This includes the ability to back up and restore Kubernetes clusters and namespaces. Tom Spoonemore, product manager for at VMware, explained in a blog post that the data protection is targeted at the state stored in a Kubernetes cluster. This can include config maps, custom resource definitions, and secrets stored in the Kuberneres control plane. “Protecting that data is as critical as it is with any other element of your IT infrastructure, so it should be covered by data protection and your disaster recovery plan,” he wrote. The data protection feature is built on the Velero project. VMware tweaks it a bit by providing a central management plane instead of having Velero operating directly in each cluster. It can also use Velero to handle data protection on clusters that are not provisioned by Tanzu Mission Control. “You can back up and restore clusters, namespaces, and even groups of resources using Kubernetes label selectors,” Spoonemore wrote. “Tanzu Mission Control automatically passes these commands through its cluster agent technology and Velero executes the backups, delivering status, errors, and other details.” The initial release uses a customer’s Amazon Web Services (AWS) S3 Object store as a backup target. The data is isolated in the S3 bucket and uses a short-lived password that is rotated every 30 minutes to control access. Persistent volumes attached to a pod is also automatically snapshotted into a customer’s AWS Elastic Block Store (EBS) and is fully recoverable. The use of a customer’s AWS assets means that VMware is never in possession of the application data. Backups can be managed to save an entire cluster or just a portion using namespaces or label selectors. The backup process removes the old data from storage to minimize costs and deleted clusters can either be completely removed or kept for future restores. The product’s restore feature can recover namespaces and persistent volumes from any of the cluster’s backups. This includes recovering a full cluster or just select data. VMware launched its Tanzu line at last year’s VMworld event. It basically encapsulates all of the vendor’s Kubernetes-focused products and services into a single wrapper. (It has also quickly become an important revenue driver for VMware.) As part of the unveiling, VMware also previewed the Mission Control product as a way to provide a single point of control from which customers will be able to manage all their Kubernetes clusters regardless of where they run. Mission Control became commercially available in March, and VMware has since been rolling out updates to the broader Tanzu platform and Mission Control. The Mission Control specific updates include support for scan types using the Center for Internet Security Benchmark. This allows a user to baseline their deployed cluster configuration and monitor its ongoing compliance tied to the security standard. Users can also tap Mission Control to provision clusters directly into an existing AWS Virtual Private Cloud (VPC), and have greater control for deployment into a specific IP block.