Bring Resiliency To Kubernetes With Trilio

Guest: David Safaii
Company: Trilio
Show: Let’s Talk

The theme for KubeCon 2021 is ‘Resilience Realized’. According to David Safaii, CEO of Trilio, the meaning behind that stems from how the cloud-native space is evolving so quickly and also “The adoption from a multi-cloud perspective and really what that does, it creates a whole new line of vectors or injection points into a company’s application, right?” Because of that, the need for resiliency, or data protection, becomes more important than ever. With attackers trying to frequently penetrate a backup system, either through administrative consoles or storage media itself, they’re trying to modify a point in time or an encrypt point in time. Before an organization knows it, they’ve lost data and won’t have the ability to recover.

This means data protection needs to be at the forefront of every conversation, especially in the cloud-native space. This is made even more important, according to Safaii, because “the number of people that are about to go into production very shortly is increasing at a significant pace.”

Trilio addressed the idea of data protection in their latest release, TVK 2.5. With the recent release, Trilio has added multi-namespace backup support and other storage targets such as Azure Blob and GCP. But the most important component of the new release focuses on ransomware.

On the subject of data protection, Safaii believes the ability to protect data has become hyper-critical. He says, “I’ve done a lot of cybersecurity work in my career, and we really took a hard look at this emerging problem.” Safaii adds, “And from the perspective of the best approach to deter things like ransomware, we, in this latest release, have adopted a zero-trust framework and aligned to a lot of missed standards.” Trillo has adopted several components, like identify and protect, detect, mitigate, and recover. To address those issues, they added new functionalities, such as multifactor authentication, scanning, and deep logging. These things come together such that the protection of data becomes paramount.

Trilio has taken this one step further to include immutability, where “Trilio engages the S3 object-blocking mechanism. So even if your platform or your clusters have been compromised, the hacker can’t delete or modify your backups.”

And Trilio’s approach to encryption is somewhat different. To this, Safaii explains, “So the end-user has the encryption keys, right? So think of it like Bitcoin, right? Keys equal coins, and the key holder has access to those coins, just like your data. You should have control and protect the data as you want. Again, aligning to this zero-trust paradigm that we’re seeing. So the need for this is more important than ever, and protecting the application and its associated data from the start, has to happen today.”

Trilio is helping companies, no matter where they are on their journey. One thing the company discovered is within the cloud-native landscape, the approach to lifecycle management of an application has changed. To this, Safaii says, “Lifecycle management of an application has now become a team sport if you will. And so it doesn’t matter whether you are part of the DevOps team, SRE, GitOps, or IT ops. It’s about managing the application.” From the Trilio perspective, it goes back to flexibility. Safaii addresses this issue by saying, “I am developing the best solution in the world to allow you to have point-in-time re-orchestration. And whether your needs are backup and DR, or if it’s from a security perspective, or perhaps it’s in a DevOps world, a test dev environment, you have to have that flexibility.”

That flexibility comes in how Trilio’s product is consumed. “So going back to the DevOps people, we have CLI that you can absolutely use. From the ITOps world, we have a UI. So whether you think in workflows or you want to leverage CLI it’s entirely up to you. Now, going back to that flexibility, the onus is on us and on my team to make sure that we work in a number of different environments.”

Over the past year, Trilio has gone to great lengths to ensure that they certify themselves across a number of environments, such as OpenShift, Rancher, Tanzu, Ezmeral, Mirantis, and Digital Ocean. Safaii says, “This past year, we released the ability to consume and monitor Velero-based backups as an example, right? Velero being an open-source-based project that allows you to back up things, label-based applications. And really quickly, the community, as they make their way to production, has found, they need more of an enterprise-class solution.”

Going back to the topic of resiliency, Safaii says, “Resilience starts at the very beginning. And then we go from that Day Zero conversation to your Day One and start to build, test, and deploy, and our capabilities are there for you to leverage all along that continuum.”

The summary of the show is written by Jack Wallen

Here is the rough, unedited transcript of the show…

Swapnil Bhartiya: This is your host Swapnil Bhartiya and welcome to TFiR let’s talk about Kubernetes. This is a special series of the show for KubeCon and CloudNativeCon and my next guest is once again, David Safaii CEO of Trilio. David, it’s great to have you on the show.

David Safaii: Good to see you again. Thanks for having me.

Swapnil Bhartiya: The theme for this year’s KubeCon is resilience realized. What exactly does that mean from the perspective of Trilio and you?

David Safaii: Yeah. Good question. We’re really excited about the theme overall. I mean, as you’ve seen it firsthand, this cloud-native space is evolving so quickly, but also the adoption from a multi-cloud perspective and really what that does, it creates a whole new line of vectors or injection points into a company’s application, right?

So the need for resiliency or data protection becomes more and more important than ever before, right? Attackers are trying to frequently kind of they’re trying to penetrate a backup system, either through administrative consoles or through the storage media itself. They’re trying to modify a point in time or encrypt point in time, and before an organization even knows it they’ve lost data and they won’t have the ability to really recover.

And so data protection really needs to be at the forefront of every conversation, especially in the cloud-native space. And lastly, I’ll leave it off, leave it with this is that what we’ve seen in this market is the number of people that are about to go into production very shortly is increasing at a significant pace.

It’s great for the community. It’s great for the end users, right? It’s great for people that are finding efficiencies through cloud-native applications. So these are really exciting times

Swapnil Bhartiya: Getting started with a new service and everything else is great, but continuity is what matters. Also when we do talk about overall service, no offenses, but an app can come and go. What really matters is data. That is the real asset there. We have also seen a spike in attacks, whether you talk about ransomware, whether you talk about compromised infrastructure, and a lot of things are either social engineering, or it could be, of course, one of the biggest thing is misconfiguration, right?

And third is, of course, there are bugs which lead to those. If you look at cloud [inaudible 00:02:43] technology or companies, now it’s moving into production, the adoption is growing, which also creates where we should start getting worried about it as well.

So if I ask you, as you are alluding to some things that, adoption is growing, and also like… How concerned are you that we should take data protection even more seriously? And when we look at our infrastructure, we should not just get worried about or focused on protecting our apps, but also look beyond that?

David Safaii: It’s something that we really tried to address in this latest release of TVK two dot five. You know, this recent release, we’ve added things like multi name space backup support, and other storage targets such as Azure Blob and GCP, et cetera. But really the big component to this release was around ransomware.

And to your point, the ability to protect that data has become hyper critical. I’ve done a lot of cybersecurity work in my career, and we really took a hard look at this emerging problem. And from the perspective of a, the best approach to deter things like ransomware, we in this latest release have adopted a zero trust framework and aligned to a lot of missed standards. And what that means is that we’ve adopted number of components.

That’s things like identify, and protect, and detect, and mitigate, and recover. And all these things include a host full of features and capabilities like multifactor authentication, and scanning and deep logging, et cetera. So protection of that data becomes paramount.

And so to take it one step further, we’ve now included immutability right, where Trilio engages the S3 object-blocking mechanism. So even if your platform or your clusters have been compromised, the hacker can’t delete or modify your backups.

And I’d also say, in contrast to what other vendors do, our approach to encryption is really… We leverage key management systems today. So the end user has the encryption keys, right? So think of it like Bitcoin, right? Keys equal coins, and the key holder has access to those coins, just like your data. You should have control and protect the data as you want. Again, aligning to this zero trust paradigm that we’re seeing. So the need for this is more important than ever, and protecting the application and its associated data from the start, has to happen today.

Swapnil Bhartiya: And when we are talking about data, actually, you and I met at OpenStack Summit years ago. Nowadays data is in big, massive data centers, which is big, giant, all the resources are available to you. It also at the far edge, where resource constrained devices they have, bandwidth limitation. But the beauty is that Kubernetes is kind of everywhere. There are lightweight Kubernetes distributions all the way from Rancher, SUSE, Canonical, Mirantis, they’re all there. Data is also there, but data is therefore, far away from you. From TVK 2.5 or from Trilio’s perspective, is that edge also in your radar? And if it is how different is the need or challenges for data protection at the edge versus your on-prem data center or cloud?

David Safaii: Yeah. So that’s a really good question because if you look at the adoption of edge computing in a lot of edge technologies, it’s everywhere and people don’t even realize it. It could be, whether it’s your retailer, in your POS system, or it could very well be a Telco that’s looking to push applications and data and computing to that edge.

And what we did was… Everything that we do with our Trilio Vault for Kubernetes application is meant with flexibility in mind. The solution is completely agnostic on a number of levels. We are distribution agnostic as long as you adhere to CNCF standards. We are storage agnostic, NFS or S3 storage environments. We are cloud agnostic. And then we are also agnostic in the sense of however you want to build that application. So it may be labels. It may be helm. You may be using other distributions that require operators. We will provide data protection throughout.

So as people are adopting additional technologies and additional techniques to push applications farther to that edge, they should have a peace of mind that they can recover, perhaps, that application or that data. Or curate and pull a point in time back, and identify what is happening at that edge.

Or perhaps even, the conversation around stateless applications. Well the thing is, I’ve had a number of conversations with CISOs around the world who talk about things like drift, right? Just because I’ve published and pushed an application that’s meant to be stateless, what’s running at the edge, may not be the case, right? Their configurations may change, et cetera, along the way.

So how do I capture that runtime state? Compare it to what I initially wanted to produce and show the delta. And then take that runtime state, recover it, perhaps, into a sandbox and start scanning and forensically going through this stuff, right? Again, you start pushing things to the edge, there are more attack vectors. I need to protect at the edge. I need to recover at the edge. I need to be able to monitor and forensically go through the applications and the datas at the edge.

Swapnil Bhartiya: There was so much to unwrap in what you said and it also kind of shows that if you look at cloud-native, [inaudible 00:09:25] is less about a thing, it’s more about doing things in a certain way, if I’m not wrong.

And a lot of practices that are there can also help a lot of IT or DevOps challenges there. So if I ask you, as you folks do a lot of work outside of just cloud-native, I mean, actually I think it’s cloud-native too, this work, is that what are the challenges that are there for IT teams, or DevOps team, or dev Sec Ops teams, or SRE teams? Their, the rules and paradigms are evolving over time and how can Trilio help them irrespective of what label they wear on their shirt?

David Safaii: Yeah. That, so that’s a really good question because what we’ve experienced now is that with this cloud-native landscape, is that the approach to lifecycle management of an application is changed. Lifecycle management of an application has now become a team sport, if you will. And so it doesn’t matter whether you are part of the DevOps team, your SRE Git Ops, or your IT ops. It’s about managing the application.

And so, from a Trilio perspective, I go back to flexibility. I am developing the best solution in the world to allow you to have point-in-time re-orchestration. And whether your needs are backup and DR, or if it’s from a security perspective, or perhaps it’s from a, in a DevOps world, a test dev environment, you have to have that flexibility.

And also when you… That flexibility comes in how you want to consume our product. So going back to the DevOps people, we have CLI that you can absolutely use. From the IT Ops world, we have a UI. So whether you think in workflows or you want to leverage CLI it’s entirely up to you. Now, going back to that flexibility, the onus is on us and on my team to make sure that we work in a number of different environments.

So over the past year, not only have we gone at length to make sure that we certify ourselves across a number of environments, such as OpenShift, or Rancher, or Tanzu, or Ezmeral, or Mirantis, or even Digital Ocean, just to really name a few. We’ve also had to take a step and make sure that flexibility is there to consume a number of, perhaps items or solutions that you are currently using, prior to the need to upgrade to an enterprise caliber solution.

So what does that mean? This past year we released the ability to consume and monitor Velero-based backups as an example, right? Velero being an open-source based project that allows you to back up things, label based applications. And really quickly, the community, as they make their way to production has found, they need more of an enterprise class solution.

So we now give you the ability to consume those Velero based backups, monitor what you have in place, but also graduate with the Trilio Vault for Kubernetes platform, to an enterprise caliber solution. And again, with all that flexibility in mind.

What are the… One of the other things that we’ve empowered people within this team approach to do is, I mentioned before the requirements to whether you’re a DevOps or IT Ops. Well, from a DevOps perspective, we’ve taken a step to enhance Dev Op workflows by integrating Trilio Vault for Kubernetes with things like GitHub runners.

So now you can take production data, marry it with code check-ins and to test that application and that point in time, all along the way as you’re developing. So there’s a number of great use cases for point-in-time re-orchestration, and it requires a platform with flexibility and agnosticism to do that.

Swapnil Bhartiya: Excellent. One more thing that I want to talk to you about is that in the DevOps or cloud-native world, we always talked about, hey, breaking down those old silos. But the fact is that we have kind of created new silos, right? When we say SRE, or when we say Dev Sec Ops, or when we say that…

So, which also means that, within an organization, when it comes to data protection or security, depends on how you are labeling it. The buck stops at a certain team, or it should be an organizational problem. So how do you look at it? Because there is a technical aspect, you can provide them with technology, but you have to also help them with the cultural translation as well. So, so what are you doing in that space?

David Safaii: That’s a good question, right? Because this is… I think it starts at day zero. Trilio’s ability to create point-in-time records really needs to be part of the design and the approach to developing your cloud-native application.

Yes, people are running to developing a cloud-native application, because they needed to do this one thing right away. But if you make that… You go and you develop that application, and then all of a sudden you start thinking about day two initiative after the fact or as you’re sprinting towards production. That’s one other element you need to throw into the mix that you have not been building and testing for all along the way.

So the conversations that we’ve been having with people, with architects, and CTOs, is that it should be part of your Kubernetes stack. So the conversation starts in the very beginning. Resiliency starts in the very beginning. And then we go from that day zero conversation to your day one and starting to build, and test, and deploy, and Trilio and our capabilities are there for you to leverage all along that continuum.

So whether you’re, you’re a DevOps individual that wants to leverage TVK and leverage it for a certain number of things, TVK should be part of that framework as that life cycle continues. And as the time that the application finds its way to production and IT Ops says, “We have some governance things that we need to make sure are in place, whether it’s backup, or disaster recoverability, how do I do it?” And we’ve been there. We’ve been there from the start.

Swapnil Bhartiya: Cloud-native work is not about going there solo or going alone. It’s working in an ecosystem, a big ecosystem partnership. How important are partners for Trilio? And if you can also share some exciting use cases that you worked with your part, through your partners?

David Safaii: The ecosystem is hypercritical, right? For us, as I mentioned before, we go to great lengths to make sure that TVK works with a number of environments. From a… Going back to our conversation around security, the NIST framework allows enterprises to work with NIST-compliant vendors for really a comprehensive ransomware approach, or rather protection against ransomware.

So our aim is to become a critical component to that ecosystem. And once you’re part of that ecosystem, there are a number of other, not just use cases, but the ability to leverage the goodness of Trilio. So now whether you are, let’s say you are the Dev Sec Ops team, or you’re SOC as a service, and you need to monitor in the health of an environment. You now have that visibility and that transparency that you’ve always required. So ecosystem is truly important to us.

Swapnil Bhartiya: Can you also talk about… Are there any specific industries that Trilio caters to? Because we look at public sector also there. I mean, data production is everybody’s problem today. And if you can share some… If you have new customers that you have gained, this is your time to talk about them as well.

David Safaii: Yeah. So as I mentioned before, we’ve seen this kind of this rapid approach recently into production with a number of environments and people raising their hands, asking for data protection. You know, I’m not at liberty to discuss a number of these things, but I can tell you that our customers are some of the world’s largest global software providers. Our customers are some of the world’s largest defense manufacturers. Our customers are some of the world’s largest telcos and all these people are adopting cloud-native technologies.

All these people have a need for not just data protection, but application mobility. The ability to take a point in time and move it from test-dev environment to production, or take an environment and capture it from public cloud and pull it back down on premise. And repatriating some of that data and that application.

And so a lot of these large environments that we see approaching us have been at it for quite some time. And a lot of these people have environments that span different distributions, that span different approaches to building applications, that span storage environments. So again, that need for flexibility to give and empower an end user, whether it’s… You’re the VP of IT, or if it’s that single tenet, the ability to manage your applications across many clouds, across many environments, and that flexibility to port that application and its data.

Data gravity is a really big thing. We are unhinging that. We give you the ability to take the application and its data and move it. One of the things that, in response to some of these large customers, is you’ll be hearing about our approach to disaster recovery. The next phase in our approach to disaster recovery coming up this, later this fall.

We will give the end user and the empower and organization to push data everywhere and have that continuous restore capability. So your recovery time of objective is seconds or minutes. This is a really challenging thing in a multi-cloud world. And now we’ll empower financial service organizations, we’ll empower defense manufacturers, we’ll empower a number of these environments with the ability to quickly recover as needed.

Swapnil Bhartiya: David, thank you so much for once again taking time out and talk about the work that Trilio is doing in data protection in the Kubernetes space, and also to help the whole IT teams and the other teams. I wish we could have done this in person, but hopefully next year. But thanks for your time today, and I look forward to our next conversation.

David Safaii: Thank you very much, Swapnil. Good to see you, stay safe. And I look forward to seeing you in the future as well.

You may also like

How open source developers’ and maintainers’ mindset is changing towards security: Hilary Carter

Tackling organizational chaos requires focus on integration and standardization

You don’t have to change your incident management workflow for Transposit: Divanny Lamas

anynines Klutch simplifies data management for Kubernetes clusters

How mainframe systems are leveraging AI for businesses

StarTree Cloud adds new observability and anomaly detection capabilities