Extending OpenStack Disaster Recovery to Google Cloud Storage

The OpenStack Cinder Backup service was introduced in Cinder in the Grizzly release to allow users to create backups from their volumes and store it to their Swift object storage system (still very common use case in OpenStack private clouds to date). Since then, the Backup API continued to mature with every release.

The OpenStack Backup drivers catalog have also become richer and recently added  target options for NFS and POSIX, as well as Block, such as Ceph RBD backend store, notwithstanding one of the coolest evolution points was introduced in the new OpenStack “Mitaka” release: the first integration of the OpenStack Cinder Backup API with a non-OpenStack public cloud provider,  Google Cloud Platform. This is allowing backup of OpenStack Private Clouds volumes to Google Cloud Platform.

OpenStack Users: Backup Your Cinder Volumes to Google Cloud Storage

Google joined the OpenStack Foundation as a corporate sponsor in July 2015 as part of Kubernetes integration with OpenStack. This work on Mitaka is the next step on Google’s roadmap to making Google Cloud Platform a seamless public cloud complement for OpenStack environments.

Google collaborated with Red Hat and Biarca to develop a Cinder backup driver to extend OpenStack data protection and disaster recovery to the public cloud, in a real hybrid cloud integrated solution, by allowing Red Hat OpenStack Platform customers and users to more securely backup their critical data onto Google Cloud Storage, as well as to address] their compliance requirements for offsite backups and benefit from the lower cost offered by cloud storage while reducing the cost in maintaining a secondary cloud for disaster recovery.

When it comes to delivering the end to end security features of the hybrid cloud backup, federated authentication, data encryption and identity key management come into play. OpenStack Identity Service (Keystone) as a service-provider is already able to consume identity properties issued by an external Identity Providers (such as SAML assertions).

As for data encryption, backup support for encrypted volumes has already been introduced in the Kilo release, so volumes can be encrypted by Cinder before being backed up to Google cloud.  Identity key management is required to allow different encryption keys for each backup as well as to more securely manage and store these keys. To provide these capabilities, Red Hat is contributing to Barbican, a REST API designed for the secure storage, provisioning and management of secrets such as passwords, encryption keys and X.509 Certificates

The new Cinder Backup driver for Google Cloud Storage is slated for Tech-Preview in Red Hat OpenStack Platform 9 this summer.

To learn more about setting up OpenStack Cinder backups to Google Cloud Storage and restoring your volumes from Google Cloud Storage, have a look at our blog.