Storage for Containers

 View Only

Application-centric Enterprise Data Management for Containers

  • 1.  Application-centric Enterprise Data Management for Containers

    Posted Thu March 17, 2022 10:49 AM

    Sumant Padbidri – IBM Distinguished Engineer, Spectrum Fusion

     

    Running stateful containerized applications in a hybrid cloud is a big part of the digital modernization journey. Businesses are looking for platforms that they can trust deploying their mission critical applications to. As applications scale from on-premises data centers to public clouds to edge locations, they need to ensure secure data availability. Otherwise, vast amounts of data can be stranded on geographic islands out of reach of analytics and AI.

     

    IBM Spectrum Fusion takes on this challenge by providing a container-native data management solution on Red Hat OpenShift, the industry's leading Kubernetes platform. It combines market leading high performance clustered file system and data protection technologies to provide an innovative and differentiated global data fabric. IBM Spectrum Fusion addresses several enterprise-class data management use cases including:

     

    • Flexible deployment models that include the industry's first container-focused hyperconverged appliance that makes production-ready OpenShift deployment a breeze and a software-only edition that can be deployed to existing OpenShift environments.
    • High availability that ensures data availability for mission critical applications even after disk, node or even rack level failures.
    • High performance access to storage even at large scales to keep applications running at business speed.
    • Simplified access to multiple tiers to storage to achieve an optimal balance between performance and cost.
    • Optimized access to existing data sets residing in traditional storage systems.
    • Support deployment of GPU-accelerated applications and IBM Cloud Paks.
    • Data protection that ensures data consistency when applications are backed up and restored.
    • Inclusion of data management in CI/CD pipelines and DevOps automation.

     

    This article introduces IBM Spectrum Fusion's architecture and the capabilities it enables.

    Architecture

     

     

    IBM Spectrum Fusion is built using a container-native architecture that brings together proven IBM technologies and provides a simple, yet powerful, user experience for application-centric data management. The modular architecture allows for the addition of new and exciting capabilities in the future. Let's take a quick tour of the key components.

    Application-centric Management

     

    A core concept in IBM Spectrum Fusion is an application. It is possible to manage data at an individual PVC level, but managing data at an application level enables powerful capabilities like backing up and restoring applications with consistent data, making copies of an application, migrating an application, etc. While Kubernetes is an application deployment platform, it does not have a consistent way of defining an application. So, IBM Spectrum Fusion provides a custom resource definition that allows you to define the scope of an application. Initially, an application will equate to an OpenShift project (namespace). In the future, more flexible ways of identifying the scope of an application will be provided. All components of the architecture are application aware.

    Data Storage

     

    At the heart of IBM Spectrum Fusion is IBM's proven clustered file system. It is a container-native software defined storage solution that provides RWO and RWX storage to containers using Kubernetes-native CSI interfaces. A key differentiator is its truly global namespace. Data can be accessed from anywhere to anywhere without duplication. Efficient caching algorithms ensure high performance even when accessing data in remote regions. It implements a zero-bottleneck architecture that utilizes all available resources in parallel for maximum performance and high availability. It can scale from just a handful of nodes to thousands, so it can keep up with the demands of a growing business.

     

    Providing high availability necessitates creating redundant copies of data. The data storage component provides flexible ways to achieve an optimal balance between redundancy and cost. The HCI edition uses efficient erasure coding algorithms to achieve redundancy while maximizing utilization. A single rack configuration achieves 66% utilization of raw disk capacity while being able to tolerate up to two simultaneous node failures in a 20-node rack. A three-rack configuration achieves 57% efficiency while tolerating the failure of an entire rack. Compare that with a replica-based strategy where utilization is 33% when using three replicas. There are deployment topologies that necessitate using replicas as is used by the software-only edition when deployed across multiple availability zones.

     

    The data storage component is application-aware, so it can take instantaneous snapshots of all the PVs used by an application regardless of the number of storage classes used. This is a very powerful capability that we'll explore in the next section.

    Data Protection

     

    Enterprise data management use cases include the ability to periodically backup applications so that they can be restored to a known previous state when needed. IBM Spectrum Fusion includes IBM's proven data protection technology to reliably backup applications. It can create both local backups as well as copy data to an external, even offsite, S3 compliant object store. Local backups can be used to recover quickly (low RTO) while external backups provide protection from disasters (with higher RTO).

     

    A key capability of the data protection component is to backup up a consistent state of an application. There are two ways to get a consistent state of an application, both of which are supported.

     

    1. Quiesce the application using Velero style hooks so that application state in memory buffers is flushed to disk and I/O is stopped before PVs are. snapshotted. This approach achieves the highest level of consistency but comes at a, sometimes severe, cost of application downtime. Depending on the application, downtime could range from a few seconds to multiple hours. That inhibits the ability to take frequent backups, which result in higher RPOs.
    2. Simultaneously snapshot all the PVs of an application without suspending I/O. This results in what is called a crash consistent snapshot of the application. This is equivalent to the infrastructure hosting the application crashing, say, due to a power outage. In this case, the application has not had a chance to flush any memory buffers. Some applications can recover from such a state. For such applications this mechanism provides a differentiated capability to backup with zero downtime. You can have low RPOs with more frequent backups.

     

    The data protection component provides "incremental forever" backup. That means that only the first backup is a full one and all subsequent ones only backup changes. This results in significant performance improvements.

     

    Although a very common use case for data protection is restoring an application to a known previous state, this capability enables several other powerful use cases. 

     

    • Create multiple copies of an application by restoring to different projects (namespaces). You may do that for development and test purposes as part of an automated pipeline.
    • Restore a backup of a production application to a different project to troubleshoot a problem without impacting the production instance.

    Data Management APIs and User Interface

     

    IBM Spectrum Fusion provides Kubernetes-native APIs for data management. All data management capabilities can be accessed via custom resources (CRs) in a declarative way. Kubernetes operators are provided to monitor CRs and implement the desired state. This enables powerful automation capabilities by including data management in CI/CD pipelines and techniques like GitOps.

     

    IBM Spectrum Fusion's graphical user interface (GUI) provides user friendly access to data management capabilities. The GUI is driven by the data management APIs, so the GUI and the APIs can be used interchangeably. A good way to learn about APIs is to configure something in the GUI and inspect the CR that gets created.

     

     

    Let's look at a typical workflow for backing up and restoring an application using CRs and the GUI.

     

    1) Identify an 'Application' that should be backed up. IBM Spectrum Fusion automatically defines an application for every OpenShift project (namespace).

     

    2) Create a 'Backup Storage Location' that specifies a S3 compatible object store bucket that backups are copied to. You can configure multiple locations.

    Custom resource:

    apiVersion: data-protection.isf.ibm.com/v1alpha1

    kind: BackupStorageLocation

    metadata:

      name: aws-bucket

      namespace: ibm-spectrum-fusion-ns

    spec:

      type: aws

      credentialName: "aws-credentials"

      params:

        bucket: backup-bucket

        region: us-east-1

    GUI:

     

    3) Create a 'Backup Policy' that specifies the schedule for taking backups, retention limits and the storage location to back up to.

    Custom resource:

    apiVersion: data-protection.isf.ibm.com/v1alpha1

    kind: BackupPolicy

    metadata:

      name: aws-daily

      namespace: ibm-spectrum-fusion-ns

    spec:

      backupStorageLocation: aws-bucket

      provider: isf-ibmspp

      retention:

        number: 7

        unit: day

      schedule:

        cron: 0 12 * * *

        timezone: America/Los_Angeles

    GUI:

     

    4) Create a 'Policy Assignment' that assigns a backup policy to an application.

    Custom resource:

    apiVersion: data-protection.isf.ibm.com/v1alpha1

    kind: PolicyAssignment

    metadata:

      name: wordpress-aws-daily

      namespace: ibm-spectrum-fusion-ns

    spec:

      application: wordpress

      backupPolicy: aws-daily

      runNow: true

    GUI:

      •  

    5) Selecting "run backup now" in the previous step will create a backup as soon as the policy is assigned to the application and thereafter on the schedule specified. You can also request a backup on-demand.

    Custom resource:

    apiVersion: data-protection.isf.ibm.com/v1alpha1

    kind: Backup

    metadata:

      name: wordpress-backup-2022-03-01

      namespace: ibm-spectrum-fusion-ns

    spec:

      application: wordpress

      backupPolicy: aws-daily

    GUI:

      •  

    6) Restore the application from a specified backup. Here's what the CR looks like:

    apiVersion: data-protection.isf.ibm.com/v1alpha1

    kind: Restore

    metadata:

      name: wordpress-restore-2022-03-01

      namespace: ibm-spectrum-fusion-ns

    spec:

      backup: wordpress-backup-2022-03-01

    GUI:



    ------------------------------
    Matthew Leib

    Content posted for Sumant Padbidri - IBM Distinguished Engineer, Spectrum Fusion
    ------------------------------