Kasten by Veeam (K10)

Veeam’s Kasten (K10)
Kasten K10 is a Kubernetes-compatible cloud-native data management platform. For container-based applications, it contains backup, restore, disaster recovery, and migration features.

It’s a self-hosted solution that runs on each protected cluster. It has a small resource footprint on those clusters, thanks to auto-scaling components such as its data mover and parallel instances created based on running processes. It’s available as a CRD-based install into its own namespace on a variety of cloud and Kubernetes markets. Despite the lack of a SaaS version, Kasten uses Veeam’s VCSP program to enable cloud service providers to sell Kasten K10 as a service.

Kasten caters to business customers, with backup administrators and developers serving as essential users for self-service backups and restores. It’s quite simple to use, thanks to a well-designed user interface, consistent APIs, and a handy command-line interface. Kasten K10 is built for large-scale situations, however it can also be used in smaller infrastructures.

K10 supports a variety of Kubernetes variants on-premises and in the cloud, including OpenShift, Rancher, Tanzu, EKS, AKS, and GKE. It has unique collaborations with K3s and AWS EKS Anywhere to facilitate edge and retail deployments, as well as a new partnership with AWS Containers Anywhere for on-premises edge deployments. Backups of AWS resources such as VPC and IAM configuration are not supported by K10.

Kasten’s revenue strategy is entirely channel-based, which includes third-party SaaS solutions. Kasten’s subscription model is built on nodes. There is no cost dependent on capacity. For smaller productions, proof of concepts, and labs, there is a free edition with a maximum of 10 nodes.

Kasten K10 captures the dynamic nature of container-based systems with a policy-based approach, and backups incorporate Kubernetes resources and metadata like Secrets and ConfigMaps. K10 also uses Kanister, an open source data management framework created by Kasten to create an industry standard for stateful data management, to discover data services (such as MySQL, MongoDB, PostgreSQL, Amazon RDS, Kafka, and Cassandra) as part of applications and automatically apply the right data management policies (for things like quiescing).

K10 also includes a blanket policy that automatically protects any new or previously unprotected applications, as well as the ability to apply backup policies based on labels and namespaces.

K10 supports CSI natively for typical enterprise storage arrays, Amazon EBS, VMware, and container-attached storage solutions, including snapshots and backups, but also provides deeper CSI integration for a number of CSI providers that give additional functionality and backup performance. Changed-block tracking, rapid incrementals, and transfers across repository regions are all included. It will offload duties directly instead of using CSI when it can use a more appropriate underlying storage integration, such as OpenStack, CEPH, vSphere, or a public cloud’s API. Thanks to deduplication and compression algorithms, space and network efficiency are guaranteed.

Object stores, NFS shares, and even existing Veeam Backup & Replication backup repositories are all supported. K10 offers data-at-rest and in-flight encryption for S3, MinIO, Cloudian, and other repositories, as well as immutability for S3, MinIO, Cloudian, and others, preventing backups from being destroyed or retention policies from being lowered in any cryptolocker attempts.

Both at rest and in flight, backup data is always secured. Encryption keys can be kept in the cluster or managed externally with tools like HashiCorp Vault or AWS KMS. Image vulnerability scans are among the other security measures.

The Kasten interface allows non-admin users to self-serve access to particular resources such as a single cluster or namespace, and it supports RBAC and role/scope limits for self-service access to specific resources such as a single cluster or namespace. It replicates the roles defined in the cluster using Kubernetes Roles and ClusterRoles. Kasten allows administrators to apply (global) policies to tenant clusters, allowing policies to be administered from a central location yet spread across clusters. Local cluster administrators can also set local regulations. Veeam Backup administrators will be able to see Kasten jobs and rules from within the Veeam Console in the future.

Application data and metadata transformations, migrations, and mapping are supported by the Application Transform Engine, with use cases ranging from simple storage class mappings to cross-cluster, cross-region and cross-AZ, cross-distribution, and cross-cloud migrations. In on-premises scenarios, it also contains disaster recovery features to protect against cluster and availability zone failures, as well as storage system failures.

Kasten K10 includes an embedded instance of Prometheus for storing metrics about the backup and system’s operational state, as well as an embedded instance of Grafana with several featured dashboards.


Strengths: Kasten is a mature Kubernetes-native solution that is well-suited to self-hosted, self-managed use cases. Its design scales effectively and is particularly well-suited for deployments at the edge. Its RBAC capabilities and centrally controlled policy model are well suited to the needs of large enterprises and self-service. Kanister, the company’s application-aware data management system, is promising and rapidly maturing. On-premises repositories are well supported.

Challenges: Kasten’s native cloud support is limited, as it does not take advantage of deep integrations with AWS, Azure, or GCP. Some customers may be put off by its lack of first-party SaaS, and its per-node subscription licensing may not work in highly dynamic setups. RTOs and RPOs are not as rapid with backup-based disaster recovery.