The current availability and maturity of cloud services make it possible to quickly deploy services on-demand, anywhere, at a near-unlimited scale. However, an adjustment to how people, process, and tooling are leveraged is needed to get the most out of the cloud, without experiencing its downsides.
HashiCorp is on a mission to help customers unlock the cloud operating model by addressing several key problem areas, including development, security, provisioning, and networking. Although several of these areas have seen the introduction of new solutions and approaches to ease customer adoption of the cloud operating model, networking is one domain that has seemingly lagged behind.
With the introduction of Consul, and a focus on the service rather than the supporting infrastructure, HashiCorp hopes to push the evolution of networking in the “cloud” a significant step forward.
Modern, Dynamic Applications Require Responsive and Granular Network Security
Networking, as a whole, is a domain that is under significant pressure to change. Customers have long experienced the pain points of extended provisioning times, complex approval processes, and technology solutions that are either not agile or granular enough to keep up with modern applications.
A significant part of this is due to the fact that traditional infrastructure-centric networking relies on many static elements, including network ranges, IP addresses, and rule sets in order to route and secure network traffic. This type of approach is generally not well-suited to frequent changes or a level of specificity beyond an IP address and communication port.
Conversely, deployment of modern applications takes place at a rapid pace, and the supporting technologies many developers use are optimized for a dynamic, ephemeral environment where change is expected. Much more emphasis is placed on the service and its intent, rather than the details of the down-stack infrastructure.
Needless to say, reconciling the dynamic nature of modern applications with the static nature of many networking and security technologies is an ongoing challenge. And it’s one that must be addressed for much-needed evolution to continue.
HashiCorp Consul Supports Modern Applications by Focusing on Intent
HashiCorp Consul offers several key capabilities that support the dynamic nature of modern applications.
As opposed to a traditional firewall that examines traffic between two IP endpoints and either allows/disallows the traffic based on a static ruleset, Consul helps establish a more secure mutual-TLS connection between specific services according to intent-based rules.
These intent-based rules operate at the service level and do not depend on static constructs like IP addresses or network ranges. This helps improve the agility of the security infrastructure while improving the security of traffic simultaneously.
And because Consul is based on a distributed control and data plane architecture, it also helps eliminate single points of failure and performance bottlenecks associated with more traditional network security approaches.
In addition, Consul provides a centralized service registry that enables any service to be discovered by other services in the environment, further decreasing the importance of static constructs like network addresses.
Combined, these features should result in a significant improvement in security and reduction in administrative overhead for customers deploying modern applications across multiple datacenters and cloud environments.
Conclusion
Simply providing the needed network connectivity to an application can be a challenge as environment complexity continues to increase. Securing this traffic in a way that meets the security requirements of the business is another challenge, still. And doing both of these well at the pace of a modern, dynamic application is, as many customers are discovering, nearly impossible.
With its comprehensive vision for helping customers transition to a cloud operating model, and its emphasis on service-specific network security with Consul, HashiCorp is doing its part to make this vision a reality.
For more information on Consul and its service mesh capabilities, check out HashiCorp’s presentation at Cloud Field Day 6.