Ceph Cluster Deployment Strategies for Veeam and Kasten OCP Backup Solutions

By Krishna Ramaswamy posted Wed November 27, 2024 08:53 AM

  
Problem Statement:
 
(Q): Each environment will have 1 CEPH cluster with One (1) Veeam and Kasten backup for OCP Applications.
However, the backup software environment (Veeam and Kasten) is ingesting data from 3 different customer environments.
The data must not have any visibility between the different customer environments.
3-6 buckets are required.
 
1. What are our best practices?
2. One zone with three pools?
3. Three zones with one pool in each zone?
4. Any experience to share?
 
A. Configuration Strategy
 
3 Zones, 1 Pool per Zone:
Each zone will contain one pool, providing isolated storage for data coming from each customer’s backup software.
You can create multiple buckets within each pool as required by the number of applications or logical separation needed within each customer environment.
 
Bucket Policies and Access Control:
Ensure bucket policies are configured to allow only the backup software (Veeam and Kasten) access to the specific buckets they need.
Using Ceph’s role-based access control (RBAC) in conjunction with separate zones will enhance security and ensure compliance with data separation policies.
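
The following is an added example, not part of the original post: it generates one S3-style bucket policy per bucket, allowing only that customer's backup user, and audits a policy set for any grant to another principal. It assumes one RGW user per customer environment, namespaced by an RGW tenant; all tenant, user and bucket names are constructed placeholders, and the action list is an illustrative minimum.

```python
import json

# Constructed sample data: one RGW user per customer environment (assumption).
CUSTOMERS = {
    "custa": {"user": "backup-custa", "buckets": ["custa-veeam", "custa-kasten"]},
    "custb": {"user": "backup-custb", "buckets": ["custb-veeam", "custb-kasten"]},
    "custc": {"user": "backup-custc", "buckets": ["custc-veeam", "custc-kasten"]},
}
# Illustrative minimum; the backup product may need further actions.
ACTIONS = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

def principal_arn(tenant, user):
    # RGW principal form: arn:aws:iam::<tenant>:user/<uid>
    return f"arn:aws:iam::{tenant}:user/{user}"

def build_policy(tenant, user, bucket):
    """Allow exactly one principal on one bucket and its objects."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "BackupSoftwareOnly", "Effect": "Allow",
        "Principal": {"AWS": [principal_arn(tenant, user)]},
        "Action": ACTIONS,
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}

def build_all(customers=CUSTOMERS):
    """Return (bucket -> policy, bucket -> the only principal allowed)."""
    policies, owners = {}, {}
    for tenant, cfg in customers.items():
        for bucket in cfg["buckets"]:
            policies[bucket] = build_policy(tenant, cfg["user"], bucket)
            owners[bucket] = principal_arn(tenant, cfg["user"])
    return policies, owners

def audit(policies, owners):
    """List (bucket, principal) for every Allow granted to anyone but the owner."""
    findings = []
    for bucket, policy in policies.items():
        for stmt in policy.get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", "*")
            aws = principal if isinstance(principal, str) else principal.get("AWS", [])
            for arn in ([aws] if isinstance(aws, str) else aws):
                if arn != owners[bucket]:
                    findings.append((bucket, arn))
    return findings

if __name__ == "__main__":
    policies, owners = build_all()
    print(json.dumps(policies["custa-veeam"], indent=2))
    print("cross-customer grants:", audit(policies, owners))
```

Running the audit against the policies actually attached to each bucket, rather than the generated ones, turns the no-cross-visibility requirement into a repeatable check.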
 
B. Key Considerations
 
i. Data Isolation:
Since your backup software is ingesting data from different customer environments, isolating the data across separate zones will ensure there is no cross-visibility between data.
Using separate zones with independent pools enforces this isolation, which is beneficial for security, compliance, and logical data separation.
 
ii. Simplified Management:
Configuring each customer environment to have its own zone means any policy changes or quotas can be applied specifically to a particular zone.
This setup provides greater control and simplifies troubleshooting for each environment without affecting the other zones.
 
iii. Scaling and Availability:
Ceph zones allow for scalability, as each can be independently scaled based on specific requirements. For instance, if one customer’s data grows faster, you can adjust the storage resources for that zone alone.
Availability requirements can also be tailored per zone.
 
iv. Ease of Bucket Management:
With each customer having its own dedicated zone, creating 1–2 buckets per zone as required will simplify management and avoid complex configurations.

Summary:
To optimize Ceph cluster deployment for Veeam and Kasten backups in OCP applications, ensure data isolation across three zones with one pool per zone. This setup prevents cross-visibility between data from multiple customer environments while maintaining compliance and security. Use bucket policies and RBAC for controlled access to specific buckets.