Production Deployment Checklist

When you are deploying the Veeam Kasten platform in your production cluster, there are a few things you should consider.

We have created a quick checklist for you to make sure your installation is easy.

Pre-Install

Following are the items you need to check and configure before you install Veeam Kasten's platform. The complete installation instructions can be found here.

Encryption Key

Before you setup Kasten, you need to set and configure an encryption key. This key is needed for data and metadata encryption. More information can be found here.

Authentication Mode

During installation, you have an option to choose an authentication mode. You can choose between Direct Access, Basic Authentication, Token-based Authentication or OpenID Connect. You can learn more about it here.

CSI-based Storage Providers

If you are provisioning storage via the Container Storage Interface (CSI) and want to leverage CSI Volume Snapshots, please follow the documentation here to ensure that the VolumeSnapshotClass has the Veeam Kasten annotation.

FIPS Compliant Mode

When installing, you have the option to enable FIPS mode, which enforces the use of FIPS approved algorithms. This ensures Kasten is compliant with FIPS requirements.

However, in order to ensure success, this must be done on a new installation of Kasten. The underlying cluster should also be in running in FIPS mode.

You can find more information on this topic here.

Post-Install

Following are the items you need to check and configure after you have installed Veeam Kasten's platform. The complete installation instructions can be found here.

Disaster Recovery

Kasten allows you to enable Disaster Recovery (DR) to protect Veeam Kasten from any infrastructure failures. Make sure to enable DR and save your cluster ID as well as the passphrase for recovery. More information about DR can be found here.

Encryption Key

Once Veeam Kasten installation is complete, be sure to save the encryption key for future use. You can lose access to the data in case of loss of this encryption key.

Monitoring

Once you have Veeam Kasten protecting your applications, you want to ensure that problems such as backup failures, infrastructure issues, and job failures due to license expiry are immediately noticed without having to constantly check the dashboard. We therefore highly recommend integrating your monitoring with our Prometheus endpoints and triggering alerts based on failure notifications.

Note

Veeam Kasten does not allow the disabling of Prometheus and Grafana services. Attempting to disable these services may result in unsupported scenarios and potential issues with monitoring and logging functionalities, affecting Veeam Kasten's overall functionality. It is recommended to maintain these services enabled in order to ensure proper functionality and prevent unexpected behavior.

User Roles

Note

User roles are only available for certain authentication modes.

Veeam Kasten is set up with different Cluster Roles that you can use to enable authorization in your cluster. You should not change these user roles but you can add on top of them to customize it to your needs. For more information about User Roles and Authorization, check here.