Catalogic’s CloudCasa kubernetes app SaaS backup service is headed for independence as a standalone business.
Update; various typos fixed – 14 Feb 2023.
Catalogic Software, founded in around 2003, had three product lines by 2020: ECX for copy data management; DPX for endpoint and server data protection; and its nascent CloudCasa SaaS service for Kubernetes app protection. In May 2021 IBM bought the ECX product line, since Big Blue accounted for 80 percent or so of ECX sales.
The Catalogic investors, which no longer include Trinity Capital, funded the CloudCasa development as an internal startup, starting with two development engineers and a blank slate in 2020. Now they envisage spinning CloudCasa out, with Catalogic COO Sathya Sankaran running it, and with DPX and its ransomware attack alerting capabilities looking for partnership opportunites.
We were briefed by Sankaran and told that: “We wanted to build CloudCasa in late 2020” to provide a cloud-native app protection SaaS offering.
Why not add Kubernetes (K8S) protection to DPX? “It’s really just that the audience seems very, very different. A lot of DPX customers are very Windows-heavy, with lots of file shares, and that sort of thing. None of them really translates over very well to the Kubernetes space.”
They might even still assume that you backup to old style read/write once tape-style media. “Some of the Kubernetes folks are 20 year olds and 30 year olds at most, and that group probably hasn’t even seen a tape in their life. They’re all thinking primarily S3 object storage cloud as the primary means to store data.”
Sankaran said: “I wanted to build something separate, and form my own company. I think Catalogic and the investors have been super gracious in giving us the backing and the runway to incubate it to a level where we can now confidently say, ‘Hey, we can actually take on the the incumbents in the space and raise money to be independent.'”
The development direction took the view that “Integrating with just Kubernetes is not enough. You have to integrate with the three most popular Kubernetes engines. That is the Amazon EKS, Azure AKS and Google GKE. So for all three platforms, we actually built an agentless approach. What we mean by that is we actually go integrate with the Kubernetes engines directly. And that allows us to see all the Kubernetes clusters you’re running within those engines.”
“Now I can push out agents into those into those clusters automatically. I can track how they’re configured. A Kubernetes cluster is made up of multiple nodes. If you’re inside Kubernetes, you do not know how many nodes or how the configuration is made. If you’re the content, you don’t know how the box is labelled outside. Because we now talk directly to the cloud providers, we can actually backup and protect all the settings that were used to create that Kubernetes cluster. We also backup the networking configuration.”
“We’re going to the cloud providers, and saying ‘give me your list of Kubernetes clusters and we’ll protect them.’ This vastly reduces the amount of time you need to get up and running in our solution.”
There’s a restore advantage here, with no need to set up a K8S cluster before running a restore.
“We basically say we have backed up how your cluster is configured from your cloud providers. So let us use that same setting to spin up a new cluster for you. And then kick off the restore automatically. So you do not need to touch anything. If you want one to recover, we will bring up the entire cluster. We will allow you to customize it. If you want it coming with less memory, less CPU or whatever, you can do that customization, but it’s completely composable infrastructure, once we have a backup taken.”
“That’s a clear differentiation for us, compared to everybody else, in how we talk to Kubernetes. We don’t just talk to the Kubernetes layer, we talk to the cloud layer as well.”
Who are the incumbents from his point of view?
There are the traditional backup players, such as Dell with its PowerProtect appliance and Data Protection Suite software; Avamar, NetWorker and PowerProtect Data Manager; and APEX Backup Services. There’s also Rubrik and Cohesity. Sankaran thinks “Most Kubernetes folks do not know what PowerProtect is. Of course, they know who Dell is, but they will not know what PowerProtect is. It’s just not the same audience at all.”
In his view: “Rubrik and Cohesity are kind of playing a little bit of waiting game as well, because they see a huge opportunity in front of them in the VMware and the physical world. And they’re doing fantastically well. So they haven’t even really barged into the Kubernetes space at all.”
Veeam with Kasten is in a good place though: “The only incumbent who is big and is making a statement in this ecosystem is really Veeam. Because they’ve said, ‘I’m big in my own space. I’m not leaving anybody room to disrupt my leadership.’ And they went out and picked up perhaps the first real company that focused on this problem area: Kasten.”
He revealed: “I’ll gladly admit Kasten was was an inspiration to me when we started out this this effort. I thought the Kasten UI was fantastic.”
But – there is a but – “We saw one problem as data protection experts at that time. The Kasten application runs on the same cluster you’re protecting. So you lose your cluster, you lose your backup.” You’re co-locating your protection in the same space as what you’re protecting.
“Architecturally, we found that there is still an opportunity here for us, because the best solution out there still has major flaws.”
Also it’s not a SaaS offering. Sankaran said that at a Cloud Field Day event, Veeam/Kasten people said: “Yes, SaaS for Kasten would have been better, but we have 30,000 partners that we cannot mess with. For that reason we were not really keen on entering the SAS space. What we will do is to leverage the channel and essentially deliver Kasten on top of the repositories we already have.”
They’re saying: “I don’t want anybody coming into my 400,000 customers. It’s all about protecting the turf. That’s really where the innovations are going.”
SaaS vs self-managed backup
He takes a different view of the market, saying self-managed backup is the wrong approach. “Seventy-nine percent of Kubernetes users are using managed or hosted Kubernetes. And that implies 80 percent of your customers are basically saying that, for my public, my primary data, I’m going to hand over control to a hosted or a managed Kubernetes system. Why do we think those guys are going to choose a self-managed backup solution?”
There’s an air gap angle here. “We think SAS is a better way to provide this offering. SAS has naturally built an air gap. Because the catalog data is now sitting on my infrastructure. If you are hacked, it doesn’t mean I am hacked at the same time. The actual odds of you being hacked and me being hacked at the exact same time is extremely low. So it creates that natural [virtual] air gap that customers can benefit from.”
“If you put your application on the same cluster, you know that when you’re hacked, it’s very likely that the app backup application is hacked as well. And that creates – excuse my language – a shitload of problems.”
Market size and shares
Sankaran reckons there are more than two million Kubernertes clusters in the public cloud.
He says, citing CNCF surveys, around 35 percent of K8S app people say they run backups. Velero, the open source K8S backup product, has had about 50 million Docker pulls (code image retrievals). If, he calculates, we assume 100 pulls per cluster then, with the 35 percent number, there are about 500,000 Velero-protected clusters.
Sakaran said: “Based on my intel, Kasten by Veeam has less than 200 customers.” Pure’s Portworx less than 100, and Trilio less than 50. The three collectively have a one to two percent market share and Velero a 90 percent market share. CloudCasa has about 1,000 users; we don’t know the actual number of customers.
“But we’re still talking very small numbers – almost two orders of magnitude smaller than the free open source solution out there, right? This tells us there is a significant gap that we can tap into.”
There are three competing open-source K8S app backup products: Flux, Argo, and Velero. These are not discussed in GigaOm’s Kubernetes Data Protection Radar report, although Velero gets a passing mention: “All in all, the data protection field is moving quickly and is accelerated further by Velero’s growing importance in the Cloud-Native Computing Foundation (CNCF) ecosystem as the underpinning technology for many of the solutions discussed in this Radar.”
Velero is the default option but you have to configure and manage it at the cluster level. That’s okay with five clusters, but not with 100, or 1,000 or more in Sankaran’s view.
A lot of CloudCasa’s development focus now is on becoming more open source friendly and compatible.
Going by what Sankaran says, CloudCasa has a good position in the market on which to build. It will need go-to-market funding and has to assume that it will face strong competition from Veeam’s Kasten and Pure’s Portworx products, with big corporate backing behind each.