Production Deployment Checklist

When you are deploying the Kasten K10 platform in your production cluster, there are a few things you should consider.

We have created a quick checklist for you to make sure your installation is easy.

Pre-Install

Following are the items you need to check and configure before you install Kasten's K10 platform. The complete installation instructions can be found here.

Encryption Key

Before you setup Kasten, you need to set and configure an encryption key. This key is needed for data and metadata encryption. More information can be found here.

Authentication Mode

During installation, you have an option to choose an authentication mode. You can choose between Direct Access, Basic Authentication, Token-based Authentication or OpenID Connect. You can learn more about it here.

CSI-based Storage Providers

If you are provisioning storage via the Container Storage Interface (CSI) and want to leverage CSI Volume Snapshots, please follow the documentation here to ensure that the VolumeSnapshotClass has the K10 annotation.

FIPS Compliant Mode

When installing, you have the option to enable FIPS mode, which enforces the use of FIPS approved algorithms. This ensures Kasten is compliant with FIPS requirements.

However, in order to ensure success, this must be done on a new installation of Kasten. The underlying cluster should also be in running in FIPS mode.

You can find more information on this topic here.

Post-Install

Following are the items you need to check and configure after you have installed Kasten's K10 platform. The complete installation instructions can be found here.

Disaster Recovery

Kasten allows you to enable Disaster Recovery (DR) to protect K10 from any infrastructure failures. Make sure to enable DR and save your cluster ID as well as the passphrase for recovery. More information about DR can be found here.

Encryption Key

Once K10 installation is complete, be sure to save the encryption key for future use. You can lose access to the data in case of loss of this encryption key.

Monitoring

Once you have K10 protecting your applications, you want to ensure that problems such as backup failures, infrastructure issues, and job failures due to license expiry are immediately noticed without having to constantly check the dashboard. We therefore highly recommend integrating your monitoring with our Prometheus endpoints and triggering alerts based on failure notifications.

Note

Kasten K10 does not allow the disabling of Prometheus and Grafana services. Attempting to disable these services may result in unsupported scenarios and potential issues with monitoring and logging functionalities, affecting K10's overall functionality. It is recommended to maintain these services enabled in order to ensure proper functionality and prevent unexpected behavior.

User Roles

Note

User roles are only available for certain authentication modes.

K10 is set up with different Cluster Roles that you can use to enable authorization in your cluster. You should not change these user roles but you can add on top of them to customize it to your needs. For more information about User Roles and Authorization, check here.