Cloud-Native Security Cloud-Native Storage Topics 

AWS re:Invent 2023: Cloud-Native Backup and Workload Protection

, , , , ,
by Alan Shimel

Speaker: This is Techstrong TV.

Alan Shimel: Hey everyone, we’re back here live in Las Vegas for AWS re:Invent 2023, along with 59,980 of our close friends. But we are in our own little video suite here at the Wynn in Las Vegas, and so it’s not crowded. It’s nice. It’s a pleasant place to do our video. And I’m happy to be joined… well, Mitchell’s here with me. Most of you know Mitchell. Him and I do a lot of these together. But we’re happy to be joined by Michael Cade, who I feel I do a lot of these with too, because-

Mitch Ashley: Recently.

Alan Shimel: Yeah. Michael and I were just in Chicago together for a KubeCon, and we did an interview there. If you didn’t catch it, it’s actually available on Techstrong.tv now if you look up either KubeCon or look up Kasten by Veeam or Michael Cade, C-A-D-E, it’ll pop up on Techstrong.tv. You can watch it there. As I mentioned, Michael is, though, with Kasten by Veeam. And if you’ve walked around any of the airports here in Las Vegas… well, there’s really only one airport in Vegas. But if you walked around the airport in Vegas, you might’ve seen their ubiquitous posters, billboards, videos advertising their presence here. But Michael, it’s great to see you.

Michael Cade: And you. As to you.

Alan Shimel: Yep.

Michael Cade: Good to be [inaudible 00:01:28].

Alan Shimel: Yeah. You’re making the rounds.

Michael Cade: Yeah. This is my last one of the year, though, so-

Alan Shimel: Me too, God willing. I hope so.

Michael Cade: Yeah, that’s exactly right.

Alan Shimel: Yeah. And it’s a good way to end the year.

Michael Cade: Very much so.

Alan Shimel: And then it’ll be back home for you. You know what, Michael? Actually Chicago was the last one, but you and I have spoken a number of times. But let’s start with some basic foundational stuff. Not everyone out here is familiar with Veeam and then Kasten by Veeam, because they always go together. I’ve seen Veeam advertised alone, but I never see Kasten advertised without Veeam, or mentioned. Advertised is a bad word. So why don’t we start there?

Michael Cade: Yes.

Alan Shimel: Veeam and Kasten.

Michael Cade: Veeam is the company. Kasten in is the focus around Cloud-native. So Kubernetes, that’s why you see the Kasten side at KubeCon. From here, though, point of view, everything that we do is about protecting workloads, protecting businesses so that we can get you back up and running as fast as possible. So in particular, from an AWS point of view, you’ve got your data in the cloud. It’s your responsibility. It’s your data. Bit of a misconception. AWS, they do great at all the nines, all the availability, but it’s your data. You drop that database, they’re not going to bring that back. That’s on you.

So when it comes to Veeam, it’s about protecting that workload, being able to do something with that workload, and potentially providing some sort of migration or disaster recovery for that workload. So whether that be into another area of AWS. Potentially we have a lot of customers that are hybrid. They’re still on premises, so they want to be able to protect or send data into AWS environments.

So Veeam is around protecting those workloads, whether it be EC2 instances, your VPC configuration, your RDS, your EFS, all of that, the workload. But then, equally, your virtual machines, your unstructured data that you have on premises. And then the Kasten bit is your Kubernetes clusters. Your EKS, your Red Hat OpenShift on AWS, and any other cloud. I know we’re here so we have to talk about AWS, but really we’re agnostic to wherever we are. So it’s about protecting our-

Alan Shimel: Absolutely.

Mitch Ashley: And a lot of the time your customers are a multi-cloud environment, too.

Michael Cade: Exactly that.

Mitch Ashley: Yeah.

Alan Shimel: Absolutely. But it’s interesting. You know what I love about AWS, really, Michael? Is you get such a mixed bag. Security’s front and center. Everything is generative AI here.

Michael Cade: Yeah.

Alan Shimel: But backup, cloud-native, developer tools, it’s all in the mix because really what it is when you get something like AWS, AWS is the platform that we all operate under. It’s still the major… I’m not saying they’re the other… nothing against Google, Microsoft, Oracle, IBM, or anyone else, but AWS is the biggest, and we’re all here. But some people may say, “I don’t get backup for AWS.” Because isn’t that something AWS does? That’s why I’m going to them. They’re responsible for making sure my stuff doesn’t get messed up.

Michael Cade: Yeah, and that is a huge misconception. When you think about traditional backup, you think about recovering that workload. We’re always bottom of the list. It’s never the exciting part at the top of the Christmas list. It’s, “Oh, I need backup for this data.” Apart from me. I’ve lived and breathed this for the last nearly nine years. But it’s a necessity around the shared responsibility model that AWS clearly has, you see that they’ll keep the lights on. They’re going to give you the availability, they’re going to give you all the availability zones, the sites, everything that they’ve got across the globe. But when it comes to your responsibility, at the top is that that customer data is a huge box up there, that that’s on you as a consumer.

Again, like I said about, if it’s your database, if it’s your NAS up in the cloud, that’s your responsibility. You make a mistake, and we all make mistakes, and that’s without even getting to the cyber threat. Someone gets into our environments. How do we get that data back? And it’s generally, I find at least, the conversations are… we seem to have the conversations after the fact. Someone’s had an issue and they need to recover fast. And that then starts the conversation about backup and recovery and all of that good stuff. So it is always a misconception around that, and it’s around awareness.

Alan Shimel: There is. So look, if you’re going to take one thing out of this out there, people watching, is you still need your backups. You still need those bread and butter kind of services that we’ve always had in our data centers for 30 or 40 or more years.

Michael Cade: Exactly.

Alan Shimel: Just because you’re in the cloud doesn’t mean they go away.

Michael Cade: And it’s like what we said the other week, Alan, around Kubernetes. Kubernetes, the cloud, on-prem physical machines, there is no… high availability is one thing. I want to be able… if one host or server dies, I want to make sure that my workload just moves over seamlessly into the other. And availability is very different to data protection and data management. It’s exactly what you say, is we need to make sure that we have that protection first, and then we can do some pretty cool stuff with that data to, I don’t know, whether it’s get some insight from that data, leverage that data to find out… leverage that rather than the production. And I think that’s the starting point of being able to do something. It’s not just backup. It’s about being able to leverage it as well.

Mitch Ashley: That’s a good question that I have, is I remember using Veeam early on when they were fairly new on the market, and using for off-site storage backup. Moving from tape to disk to going to a remote site. How is that different from, we talked about workloads now. And especially when we talked about cloud-native. That was all pre-cloud-native days. Give us some context for what workloads are and why that’s different than just pure data backup.

Michael Cade: Yeah. If you think about our application, and you have to look at it from an application point of view, whether the application is a database or a complete application, a cloud-native application that then leverages, I don’t know, RDS, for example, using that as an example. We need to protect the whole piece because when something bad happens, we want to give you the choice to, well, what do you want to recover? Because maybe it’s just the database. Or maybe it’s a table within the database. I want to be able to provide the granularity of being able to say, “I just need that account table back,” or, “I need the whole database back.” And that’s no different to whether you’re running a database on-prem, in the cloud, in Kubernetes, in a PaaS-based service such as AWS RDS, or any other PaaS-based solution.

So at the end of the day, all of it is still compute, storage, and networking. That’s what makes up the cloud. Now, the responsibility or what you’re in charge of as an IT admin, cloud administrator, cloud engineer, you probably just offloaded some of that to… you’re paying the premium of being able to take away that responsibility of managing that. But ultimately, underneath the application is something that you still-

Mitch Ashley: Everything in the cloud is still yours, right?

Michael Cade: Exactly that.

Alan Shimel: This was a lesson I learned early on with the cloud and security, Mitchell, when we were doing StillSecure, which is, when you go to the cloud, you still have responsibility for things like security, including backup and recovery. So you still are responsible. When stuff hits the fan, it’s still your butt on the line.

Michael Cade: Yeah.

Mitch Ashley: It’s shared risk, but it’s not. You’re still your responsibility at the end the day.

Alan Shimel: Right. It’s shared risk. It reminds you of the old story of the hen and the pig. They walk by a breakfast place and they say, “What a nice breakfast place.” The hen says, “Yeah, it is. I’d like to donate an egg to it.” The pig says, “That’s very nice.” And the hen says, “Yeah. Maybe you should give them some ham.” And the pig says, “Well, there’s a huge difference here between the kind of commitment you’re making and the commitment you want me to make.” One, I’m just giving an egg and the other one, I’m done.

Mitch Ashley: The pig’s committed, would be the punchline, right?

Alan Shimel: The pig, yeah. So it’s the same thing, a little bit, when we talk about cloud. Yeah, they have shared responsibility, but when it hits the fan, it’s your name on the line, it’s your reputation, it’s your business.

Michael Cade: And I think it’s very easy in any cloud, not just AWS, but it’s very easy to open the door and misconfigurations… it’s very easy to go into your VPC, into your security group, go 000/0, and that lets every IP across the internet in. And if you misconfigure that… and then that brings us onto things like S3 buckets. If you just Google, or any search engine, if you open public buckets, and the amount of customer data that resides in there, because it’s configurations, then that’s even… that’s before we even start talking about malicious activity and things like cyber threats and that resilience to that.

That’s a whole… these people are trained to attack data, exfiltrate data, attack your systems. Having a public bucket is just exposing data yourself and a misconfiguration. And there’s a fine line between that responsibility and where that resilience to being able to restore and have that data.

Alan Shimel: I agree with you. I hear you. I think we’ve made this point. Let us turn now to, hey, we’re here at AWS re:Invent. Do you guys have news or happenings? I know we just spoke a couple weeks ago, the latest version.

Michael Cade: So yeah, from a cast point of view, 6.5 is the three bucket item… if you don’t get to the video of me and Alan in KubeCon, it’s really around growth of around multi-cluster. It’s around SIEM integration with Datadog. Again, another company that are massive here. You’ll see them all over the place.

Alan Shimel: Sure.

Michael Cade: So a big integration into their SIEM product. And then the ability, actually one relevant to AWS, is the ability to help you import from a stateful set, so running your database inside of Kubernetes, and importing that into RDS. So providing that mobility of data, whether it’s a stateful set, whether it’s a Postgres database on a VM, we can provide the ability to take that and push that into RDS. So that’s like the quick wrap-up of the 6.5 from a cast point of view. From a Veeam point of view, there’s two items coming that we’re talking about on the booth and in the session that I do later on this week, it’s around S3 backup.

So when I talk about that public bucket and misconfigurations, we’re seeing a lot of customers using S3 as a first class system when it comes to storage. Storing their CDN type, their content delivery network inside of object storage, or their application data within that. So we brought out the ability… well, we’re bringing out the ability to be able to protect those S3 buckets. So that’s being able to send S3 bucket data to S3 buckets. So that isn’t just AWS-focused. It is one, obviously, where you can get object storage. But ultimately that could be a migration tool as well. How can I get you from one object storage to another? So migration.

The other is, and this is interesting from a serverless point of view, and that’s where that cloud-native and cloud responsibility around data comes in, is if you think about serverless or you think about functions, Lambda functions, they generally look at writing into a NoSQL database such as DynamoDB. So a large increase around customers leveraging DynamoDB for those Lambda functions as well as other NoSQL tasks. So we’re bringing in the ability to protect DynamoDB as another data service as well in the not too distant future.

Alan Shimel: I love it. Excellent. Have you been down at the booth and the show floor? Impressions?

Michael Cade: I have. My take on re:Invent is it’s always busy but it’s also, in my opinion, the best of event of the year because everyone’s here. To your point, security, data, storage, cloud. Everyone’s here. We’re all here so we can have good conversations.

Alan Shimel: To me, that’s the horizontal. I think the other unique thing about AWS re:Invent is the vertical. You have the cloud provider, you have the vendor who provides those tools, and then you have the SI… some people go… we used to call them SIs. The integrator, the VAR, the job, the consultant, I don’t really care what you… the SaaS advisor. But it’s that vertical as well as horizontal integration where this whole ecosystem comes together into one thing. What I think, and kudos to AWS for doing this, though, is they still keep this an AWS user conference.

Michael Cade: Yeah.

Alan Shimel: With all of the vertical and horizontal pieces, it’s still their conference they control. They control it. They do a really good job doing it, keeping the focus on them. And it’s not easy.

Michael Cade: No.

Alan Shimel: You look at something like RSA, for instance. We’ve been going to RSA for… I’ve been going to RSA a long time, 25, 30 years. At one point it was all about RSA. Encryption and all of that good stuff. Cryptography. It’s not anymore. It’s just security and everything and anything.

Michael Cade: Yeah. I think, Alan, to your point around the vertical as well, and you mentioned it earlier on, is that you’ve got developers here, you’ve got DevOps here, you’ve got operations, you’ve got SREs, the whole platform engineering space. They’re all here.

Alan Shimel: Yeah. No, it’s-

Michael Cade: And I think that’s a great conversation to have. And I think, from ours, you said about we’re all over the place. We’re on the strip. We’re in screens everywhere. And it’s about raising awareness. Raising awareness that, one, you’ve got that responsibility of data. You are going to have to recover some of that at one point and then provide that resilience of that data. So just because it’s available, just because we have all the nines, I think 11 nines is the term that AWS use, it doesn’t matter. If you drop that database, if you import or input some bad data, which we can. We’re humans, we make mistakes. We want to be able to… how do we roll back? How do we recover that data as fast as possible? So I think that’s our key message, is raising awareness of that responsibility model.

Alan Shimel: Talk about-

Mitch Ashley: … who your customers, more the personas are. Who uses a Kasten? Because it used to be operations function to back up and restore and recover from whatever kind of fault. You mentioned SREs, platform engineers. There’s DevOps engineers, cloud engineers, a lot of astrict engineers.

Michael Cade: Yeah. It’s no longer just systems administrators anymore.

Mitch Ashley: Exactly.

Alan Shimel: But aren’t they all systems administrators?

Mitch Ashley: I agree. I agree.

Alan Shimel: You said that. I didn’t.

Mitch Ashley: Yeah.

Alan Shimel: Look, blame him.

Mitch Ashley: No, you said it. I didn’t.

Michael Cade: Yeah, there was an astrict I was going to put in there as well, because people want them raises as well, right?

Alan Shimel: Yep.

Michael Cade: So I’m all for this type of change.

Alan Shimel: Titles. Right, absolutely.

Mitch Ashley: … Perform different functions.

Michael Cade: Sorry. Yeah.

Mitch Ashley: But I’m curious, from your perspective, are all of those personas that you work with as customers, do they have different needs? How do you work in the environment we have with all those different roles?

Michael Cade: That’s a great point. I think traditionally we would be speaking to the sysadmin. The sysadmin would have that responsibility of the data, whether it be on premises, the people that would look after the exchange servers, the SQL servers. The DBA wouldn’t care about if it was backed up, or they’d take their own backup in the least efficient way they possibly can. I’m probably offending some DBAs at that point.

Mitch Ashley: He said that.

Michael Cade: Yeah.

Mitch Ashley: Okay.

Michael Cade: But over the last couple of years where we’ve had this influx of cloud-based workloads and SaaS-based workloads, and even still the on-prem and Kubernetes, we’re seeing that shift of that responsibility landing more left. So whether that be the DevOps engineer, or even developers. I speak to developers probably on a weekly basis that are implementing databases, and they’re actually curious around, what if this happens? Because we’ve seen this: the developer and the ops teams anyway are getting closer together. Whether we call it a DevOps engineer or not, they’re having more responsibility about, how do we make things resilient? How can we help make sure that these guys don’t have a hard time at 3:00 in the morning when bad things happen? And they’re conscious of that whereas, a bit like the DBA thing that I just said about DBAs don’t care about backup, I think they are starting to at least have an understanding, an awareness of data protection and that it’s a necessity.

A bit like observability. We see observability everywhere. Observability is not… in my opinion, it’s down there with backup. It’s a necessity but it’s very boring. It’s going to give me all the information that I need to fix problems, but it’s just hard.

Alan Shimel: But you couldn’t live without it.

Michael Cade: Yeah, exactly. It’s hard to-

Alan Shimel: It is a fundamental.

Michael Cade: It’s like security as well, where security, observability, and backup. Three at the bottom, but they’re a necessity. They should be top of the list when it comes to, how do I make sure things are secure? How do I make sure that I can see when bad things are happening? And how do I recover? How do I remediate when bad things happen as well?

Mitch Ashley: Do SREs ask different questions of you than developers, than of platform engineers? Or they’re all worried about the same fundamental things?

Michael Cade: It’s interesting. An SRE, or let’s say operations side, because whether it’s SRE, whether it’s systems administrator, cloud engineer, they have an understanding of the underpinning storage or the platform underneath, whereas a developer potentially just sees, “Oh, this is a Mongo database. This is MongoDB. This is MySQL.” They don’t have that understanding of what the storage is underneath, and I don’t think we need them to either. I think that there’s an awareness of where their knowledge stops and where it goes over to the operations. And that’s no hard and fast line. I’ve spoken to developers that absolutely understand storage and the speeds and feeds that we still see out there in the storage world.

Mitch Ashley: One person or group abstracts away and another group takes care of or is a provider, or both.

Alan Shimel: Sure.

Michael Cade: Yeah.

Alan Shimel: Okay, great. Hey, you know what, Michael? Just in case anyone out here does it, is an affiliate, what’s the best website to go get smart about Veeam and Kasten?

Michael Cade: Veeam.com. Everything’s been moved over so you’re going to find stuff around virtualization on there, you’re going to find stuff around physical, unstructured, data, cloud, all the cloud, SaaS-based workloads to be protected, as well as Kubernetes. You’re going to find all of that on Veeam.com.

Alan Shimel: V-E…

Michael Cade: V-E-E-A-M.

Alan Shimel: That’s great. Hey man, when am I going to see you again?

Michael Cade: Hopefully not until 2024. No offense, Alan.

Alan Shimel: I am with you, unless you’re coming to the Keys for Christmas.

Michael Cade: I would love to, but-

Alan Shimel: I’ve got room. I’ve got room, if you want to come. And it’s warm.

Michael Cade: Yeah. You’re a lot warmer than London.

Alan Shimel: But if not, Paris in March.

Michael Cade: Yes, that’s where I’ll be.

Alan Shimel: All righty. Michael, always a pleasure, man.

Michael Cade: Cheerio.

Alan Shimel: Good to see you. Best of luck.

Mitch Ashley: It’s good seeing you as well. Take care.

Alan Shimel: If I don’t see you till Paris, have a happy holiday season and New Year’s. Michael Cade, Kasten by Veeam, here live at AWS re:Invent in Vegas. We’re going to take a break on the TechStrong network and we’ll be back in a little bit.

Alan Shimel

As Editor-in-chief of DevOps.com and Container Journal, Alan Shimel is attuned to the world of technology. Alan has founded and helped several technology ventures, including StillSecure, where he guided the company in bringing innovative and effective networking and security solutions to the marketplace. Shimel is an often-cited personality in the security and technology community and is a sought-after speaker at industry and government conferences and events. In addition to his writing on DevOps.com and Network World, his commentary about the state of technology is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Alan Shimel has 62 posts and counting. See all posts by Alan Shimel