PowerProtect Data Manager 19.11 Kubernetes User Guide

Add a protection policy for Kubernetes namespace protection

A Kubernetes protection policy enables you to select namespaces in the Kubernetes cluster that you want to back up. Use the PowerProtect Data Manager UI to create a Kubernetes namespace protection policy.

1. From the left navigation pane, select Protection > Protection Policies.
   The Protection Policies window appears.
2. In the Protection Policies window, click Add.
   The Add Policy wizard appears.
3. On the Type page, specify the following fields, and then click Next:
   • Name—Type a descriptive name for the protection policy.
   • Description—Type a description for the policy.
   • Type—For the policy type, select Kubernetes.
4. On the Purpose page, select from the following options to indicate the purpose of the new protection policy group, and then click Next:
   • Crash Consistent—Select this type for point-in-time backup of namespaces.
   • Exclusion—Select this type if there are assets within the protection policy that you plan to exclude from data protection operations.
5. In the Assets page, select one or more unprotected namespaces that you want to back up as part of this protection policy.
   If the namespace that you want to protect is not listed, perform one of the following:

   • Click Find More Assets to perform an updated discovery of the Kubernetes cluster.
   • Use the Search box to search by asset name.
6. (Optional) For the selected namespaces, click the link in the PVCs Excluded column, if available, to clear any PVCs that you want to exclude from the backup. By default, all PVCs are selected for inclusion.
7. Click Next.
   The Objectives page appears.
8. On the Objectives page, select a policy-level Service Level Agreement (SLA) from the Set Policy Level SLA list, or select Add to open the Add Service Level Agreement wizard and create a policy-level SLA.
   Add a service-level agreement provides instructions.
9. Click Add under Primary Backup.
   The Add Primary Backup dialog appears.
10. On the Schedules pane of the Add Primary Backup dialog:
    1. Specify the following fields to schedule the synthetic full backup of this protection policy:
       • Create a Synthetic Full...—Specify how often to create a synthetic full backup. For Persistent Volume Claims (PVCs) on VMware first class disks (FCDs), a Synthetic Full backs up only the changed blocks since last backup to create a new full backup. Also, namespace metadata is backed up in full upon every backup.
       • Retain For—Specify the retention period for the synthetic full backup.

         You can extend the retention period for the latest primary backup copy by adding an Extend Retention backup. For example, your regular schedule for daily backups can use a retention period of 30 days, but you can apply extended retention backups to keep the full backups taken on Mondays for 10 weeks. Extended retention provides information.

         NOTE For database backups, PowerProtect Data Manager chains the dependent backups together. For example, the synthetic full or transaction log backups are chained to their base full backup. The backups do not expire until the last backup in the chain expires. Backup chaining ensures that all synthetic full and transaction log backups are recoverable until they have all expired.
       • Start and End—For the activity window, specify a time of day to start the synthetic full backup, and a time of day after which backups cannot be started.
         NOTE Any backups started before the End Time occurs continue until completion.
       • Click Save to save and collapse the backup schedule.
    2. Click Add Backup to periodically force a full (level 0) backup, and then specify the following fields to schedule the full backup of this protection policy:
       NOTE When you select this option, the backup chain is reset.

       • Create a Full...—Specify whether you want to create a weekly or monthly full backup.
       • Repeat on—Depending on the frequency of the full backup schedule, specify the day of the week or date of the month to perform the full backup.
       • Retain For—Specify the retention period for the full backup. This can be the same value as the synthetic full backup schedule, or a different value.
       • Start and End—For the activity window, specify a time of day to start the full backup, and a time of day after which backups cannot be started.
         NOTE Any backups started before the End Time occurs continue until completion.
       • Click Save to save and collapse the backup schedule.
11. On the Target pane of the Add Primary Backup dialog, specify the following fields:
    1. Storage Name—Select a backup destination from the list of existing protection storage systems, or select Add to add a system and complete the details in the Storage Target window.
       NOTE The Space field indicates the total amount of space, and the percentage of available space, on the protection storage system.
    2. Storage Unit—Select whether this protection policy should use a New storage unit on the selected protection storage system, or select an existing storage unit from the list. Hover over a storage unit to view the full name and statistics for available capacity and total capacity, for example, testvmplc-ppdm-daily-123ab (300 GB/1 TB)
       When you select New, a new storage unit in the format policy name host name unique identifier is created in the storage system upon policy completion. For example, testvmplc-ppdm-daily-123cd.
    3. Network Interface—Select a network interface from the list, if applicable.
    4. Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these backups on the selected system. PowerProtect Data Manager uses Governance mode for retention locking, which means that the lock can be reverted at any time if necessary. Moving the Retention Lock slider on or off applies to the current backup copy only, and does not impact the retention lock setting for existing backup copies.
       NOTE Primary backups are assigned a default retention lock period of 14 days. Replicated backups, however, are not assigned a default retention lock period. If you enable Retention Lock for a replicated backup, ensure that you set the Retain For field in the Add Replication dialog to a minimum number of 14 days so that the replicated backup does not expire before the primary backup.
    5. SLA—Select an existing service level agreement that you want to apply to this objective from the list, or select Add to create an SLA within the Add Service Level Agreement wizard.
       Add a service-level agreement provides instructions.
12. Click Save to save your changes and return to the Objectives page.

    The Objectives page updates to display the name and location of the target storage system under Primary Backup.

    After completing the objective, you can change any details by clicking Edit next to the objective.

13. Optionally, extend the retention period for a primary backup:
    Extended retention provides more information about Extend Retention functionality.
    1. Click Extend Retention next to Primary Backup.
       An entry for Extend Retention is created below Primary Backup.
    2. Under Extend Retention, click Add.
       The Add Extended Retention dialog appears.
    3. Extend the retention of a full primary backup copy every—Specify the preferred recurrence for the extended retention backup objective.
    4. Repeat on—Depending on the frequency of the full backup schedule, specify the day of the week, the date of the month, or the date of the year that the extended retention backup occurs.
    5. Retain For—Specify the retention period for the backup. You can retain an extended retention backup for a maximum of 70 years.
    6. Click Save to save your changes and return to the Objectives page.
14. Optionally, replicate the backups:
    NOTE

    To enable replication, ensure that you add remote protection storage as the replication location. The PowerProtect Data Manager Administration and User Guide provides detailed instructions about adding remote protection storage.

    When creating multiple replicas for the same protection policy, it is recommended to select a different storage system for each copy. If you select a storage unit that is the target of another objective for the same policy, the UI issues a warning. The PowerProtect Data Manager Administration and User Guide provides information about replicating to shared protection storage to support PowerProtect Cyber Recovery. Verify the storage targets and the use case before you continue.

    For replicas of centralized backups, when you set retention periods for different backup types, any undefined types use the full backup retention period. For example, if you do not define a log backup in the primary objective, the log backup for the replication objective is also undefined. After you run a manual log backup, replicas of that log backup use the same retention period as the full backup.

    Replication after backup completion is not available for replication objectives that are based on extended retention.

    1. Click Replicate next to Primary Backup or Extend Retention. An entry for Replicate is created to the right of the primary or extended retention backup objective.
       NOTE PowerProtect Data Manager supports replicating an extended retention backup only if the primary backup already has one or more replication objectives. Also, for replication of an extended retention backup, you can only select from the protection storage systems to which the primary objective replicates.

       For example, if there are six protection storage systems available (DD1-DD6), and the primary backup is on DD1:

       • Replicate1, which is based on the primary backup, replicates to DD2.
       • Replicate2, which is based on the primary backup, replicates to DD3.
       • Extended retention backup is backed up to DD1.
       • Replicate3, which is based on the extended retention backup, must replicate to DD2 or DD3.
    2. Under Replicate, click Add.
       The Add Replication dialog appears.
    3. Select a storage target:
       • Storage Name—Select a destination from the list of protection storage. Or, select Add to add a protection storage system and complete the details in the Storage Target window.
       • Storage Unit—Select an existing storage unit on the protection storage system. Or, select New to automatically create a storage unit.
       • Network Interface—Select a network interface from the list, if applicable.
       • Retention Lock—Move the Retention Lock slider to the right to enable retention locking for these replicas.
       • SLA—Select an existing replication service level agreement that you want to apply to this schedule from the list. Or, select Add to create a replication SLA within the Add Service Level Agreement wizard.

       The PowerProtect Data Manager Administration and User Guide provides more information about replication targets, such as SLAs.

    4. Select when to replicate the backups:

       Replication triggers provides more information.

       • To replicate after the backup finishes, move the Replicate immediately upon backup completion slider to on.

       • For scheduled replication, move the Replicate immediately upon backup completion slider to off, and then complete the schedule details in the Add Replication dialog.

         For replication of the primary backup, the schedule frequency can be every day, week, month, or x hours. For replication of the extended retention backup, the schedule frequency can be every day, week, month, year, or x hours.

         For daily, weekly, and monthly schedules, the numeric value cannot be modified. For hourly, however, you can edit the numeric value. For example, if you set Create a Full backup every 4 hours, you can set a value of anywhere from 1 to 12 hours.

       All replicas of the primary backup objective use the same retention period and, by default, this retention period is inherited from the Retain For value of the synthetic-full backup schedule.

    5. To specify a different retention period for specific replicas, clear Set the same retention time for all replicated copies, click Edit, change the value in the Retain For field, and then click Save.
       CAUTION Setting a shorter retention period for replicas of incremental, differential, or log backups than for the corresponding full backup may result in being unable to recover from those replicas.
       This retention period is applied to all the replicated copies (synthetic full and full) of this primary backup objective.
    6. Click Save to save your changes and return to the Objectives page.
15. Optionally, to move backups from protection storage to Cloud Tier, add a Cloud objective for the primary, replication, or extended retention objective:
    NOTE To move a backup or replica to Cloud Tier, objectives must have a retention time of 14 days or more. PowerProtect Data Manager also requires the discovery of protection storage with a configured Cloud unit.
    1. Click Cloud Tier next to Primary Backup or Extend Retention. Or, if adding a Cloud objective for a replication objective that you have added, click Cloud Tier under Replicate.
       An entry for Cloud Tier is created to the right of the primary or extended retention backup objective, or below the replication objective.
    2. Under the entry for Cloud Tier, click Add.
       The Add Cloud Tier Backup dialog appears, with summary information for the parent objective to indicate whether you are adding this Cloud Tier objective for the primary backup objective, the extended retention backup objective, or the replication objective.
    3. Complete the objective details in the Add Cloud Tier Backup dialog, and then click Save to save your changes and return to the Objectives page.
       The PowerProtect Data Manager Administration and User Guide provides detailed instructions for adding a Cloud objective for a primary, replication, or extended retention objective.
16. Click Next.
    The Summary page appears.
17. Review the protection policy group configuration details, and then click Finish. Except for the protection policy type, you can click Edit next to any details to change the policy information.

    An informational message appears to confirm that PowerProtect Data Manager has saved the protection policy.

    When the new protection policy is created and assets are added to the protection policy, PowerProtect Data Manager performs backups according to the backup schedule.

18. Click OK to exit the window, or click Go to Jobs to open the Jobs window.

    From the Jobs window, you can monitor the progress of the new Kubernetes cluster protection policy backup and associated tasks. You can also cancel any in-progress or queued job or task.

    NOTE If a Kubernetes cluster is running on vSphere and using vSphere CSI storage, the job details indicate that the optimized data path is being used for the backup.