Data Protection for Red Hat OpenShift with Rubrik

Rubrik Security Cloud provides a unified, cyber-resilience platform to protect your entire Red Hat OpenShift environment. As organizations consolidate workloads by running both modern containerized applications and traditional virtual machines (Windows and Linux servers) on OpenShift Virtualization, a siloed backup strategy is no longer viable. Rubrik's solution eliminates this complexity by offering a single, policy-driven platform to secure, protect, and rapidly recover both containerized and virtualized workloads from a single interface.

Key Solution Components

Rubrik's integration with OpenShift is a software-based solution composed of several key components:

• Rubrik Security Cloud: The central management platform used to define and apply data protection policies (SLAs) across your entire hybrid cloud, including all your OpenShift clusters.

• Custom Resource Definitions (CRDs): Rubrik installs its own CRDs into your OpenShift cluster, extending the Kubernetes API to make backup and recovery functions native to the platform. This allows you to manage protection as code, just like any other Kubernetes object.

• Rubrik Backup Agent: A lightweight, containerized agent that is instantiated on-demand as a pod within your cluster to perform backup and restore operations. It does not run continuously, ensuring a minimal footprint.

• GraphQL APIs: A robust set of APIs that allow for deep automation and scripting of all backup and recovery operations, integrating protection directly into your DevOps and CI/CD pipelines.

How It Is Implemented and Used

The Rubrik solution is designed to be non-disruptive and integrates seamlessly with OpenShift's native storage and scheduling mechanisms.

The backup process is fully automated and triggered by the SLA policy you set:

• Policy Application: An administrator applies an SLA policy to the asset needing protection. This can be as broad as an entire cluster, as specific as a single namespace, or as granular as a single virtual machine.

• Agent Instantiation: When a backup is scheduled, Rubrik automatically instantiates its backup agent pod in a dedicated namespace within the cluster.

• PV Snapshot: The agent creates a snapshot of the Persistent Volume (PV) associated with the application or virtual machine.

• Data Ingest: The PV snapshot is mounted to the agent pod via a new Persistent Volume Claim (PVC), allowing the agent to read the data blocks.

• Secure and Store: The agent copies the data to the Rubrik cluster, where it is secured and made immutable.

• Cleanup: Once the copy is complete, the agent pod, its temporary PVC, and the PV snapshot are all automatically destroyed, leaving the cluster in its original state.

Restoration follows a similar, on-demand logic:

• Agent Instantiation: The Rubrik agent is instantiated to handle the restore.

• PV Creation: New Persistent Volumes are created in the target namespace.

• Data Copy: The agent copies the data from the Rubrik cluster into the new PVs.

• Object Restoration: Once the data is in place, all the associated Kubernetes objects (like Deployments, StatefulSets, or VirtualMachine definitions) are restored, reconnecting the application to its data.

• Cleanup: The agent pod is destroyed, and the application or virtual machine is fully recovered.

Protection for OpenShift Apps and Virtual Servers (VMs)

Rubrik’s platform protects all workloads on OpenShift by treating both applications and virtual machines as first-class citizens. When Rubrik backs up any workload, it captures two critical things:

• The Data: The Persistent Volume(s) containing the application data or the virtual machine's disk.

• The Configuration: The Kubernetes objects and metadata that define the pod, which includes the VirtualMachine resource for a Windows or Linux server.

By capturing both, Rubrik ensures a consistent and complete backup. This means you can confidently protect a legacy Windows VM on OpenShift Virtualization using the exact same policy and process you use to protect a new, cloud-native containerized application, all from a single platform.

Key Benefits

• Unified Management: Protect both containers and virtual machines (Windows/Linux) from a single interface, eliminating protection silos.

• Policy-Driven Automation: Define and apply a single SLA policy globally, automating protection for all your OpenShift workloads.

• Kubernetes-Native Integration: Leverages CRDs and OpenShift-native tools, like OpenShift APIs for Data Protection (OADP), for a seamless, non-disruptive experience.

• Cyber Resilience: Secures data against threats and provides rapid, reliable recovery for both applications and VMs, ensuring business continuity.

• Multi-Cluster Support: Protect and manage multiple OpenShift clusters from a single Rubrik instance, scaling protection as your environment grows.

Ready to unify your architecture? If you are running OpenShift Virtualization and want to see how this ephemeral agent architecture works in your environment, contact us today.