Home > Data Protection > PowerProtect Data Manager > PowerProtect Data Manager: Protecting VMware Tanzu Kubernetes Clusters > Backup workflow
The protection policy is required to launch an automated backup job. It centrally schedules and manages timing of launching backup policy per asset. Scheduled backup jobs are triggered according to policy. When the backup job is initiated, PowerProtect Data Manager communicates with vCenter server in order to communicate with clusters.
Steps 1, 2: CNDM and VM direct are two components within PowerProtect Data Manager. When the backup is triggered, CNDM communicates with VM direct to find and reserve a vProxy at the vCenter supervisor cluster. If an existing vProxy is not found, backup jobs fail. The vProxies are created externally specifically for TKG clusters. Once the vProxy is reserved, CNDM initiates communication with the API server of the guest cluster by sending BackupJob CR using Velero operator and passing vProxy details.
Steps 3, 4, 5: The API server of the guest cluster communicates with the PowerProtect controller (PowerProtect namespace). The BackupJobCR is created and, in turn, the PowerProtect controller sends Velero BackupCR to the API server. The API server then communicates with Velero PodVM (Velero namespace). The API server sends BackupCR to the vSphere plug-in within Velero PodVM.
Steps 6, 7: Communication between the supervisor and guest cluster happens with the help of the vSphere plug-in. The vSphere plug-in within Velero PodVM of the guest cluster initiates communication with the API server of the supervisor cluster by sending Backup CR. Once the supervisor cluster has the information about the guest cluster’s Backup CR, the API server communicates to the backup driver, which is a component of the Velero Master VM, in order to take an FCD snapshot. The backup driver is responsible for creating and deleting snapshots that are backed by CSI volumes.
Steps 8, 9, 10: Once the FCD snapshots are taken, the API server of the supervisor cluster communicates back to the vSphere plug-in (Velero PodVM) of the guest cluster that the snapshot has been completed. The PowerProtect controller learns about the FCD snapshot information and communicates with vProxy VM. PowerProtect controller creates a session with vProxy VM, which is created in advance. When the session is established between the controller and vProxy, vProxy learns about the snapshot information from the backup driver and moves the data from FCD to the backup target.