
HashiCorp is overjoyed with the current state of multicloud

  • June 23, 2023

HashiDays, HashiCorp’s annual conference, was spread across three locations this year (London, Paris and Munich) but counted as one event. The multicloud analogy is too good not to mention.

Multicloud runs like a common thread through the conference and through HashiCorp’s activities as a whole. The rationale is simple: many companies use cloud services from different providers, and the goal is for all these systems to behave as one. To that end, HashiCorp offers products and services for every aspect of this work:

  • Infrastructure
  • Security
  • Network
  • Applications

According to HashiCorp, the path to a multicloud network consists of three steps:

  • Adoption – Administrators are starting to use cloud services
  • Standardization – the basis for an overall structure
  • Scaling – the cloud model is applied company-wide

An important aspect of multicloud is of course security. If you centralize everything, there is a risk that too many people will have access to things that do not concern them. HashiCorp works with an identity-based security approach.

During HashiDays, less than a year after HashiCorp’s last conference, the software company unveiled a number of advancements to its products. There were updates especially in the area of secrets management and access control. The focus is on security between systems, with updates to Vault, and security between users and systems, with updates to Boundary.

Vault + Kubernetes

Kubernetes is one of the platforms where Vault, HashiCorp’s tool for storing and managing secrets, is widely used. However, the company kept receiving comments that some configuration was required. That’s why HashiCorp is now releasing a generally available version of the Vault Secrets Operator for Kubernetes.

In the past, each Kubernetes pod required an additional sidecar to communicate with Vault and extract a secret from it. However, now this operator is the direct connection between Vault and the various pods of Kubernetes.

This system has been extensively tested in the beta phase over the last few months and is now generally available.
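The change from per-pod sidecars to a single operator, as an added configuration example that is not taken from the article or from HashiCorp. The namespace, role, service account, image and secret paths are assumed placeholder names; the annotations and resource kinds are those of the Vault Agent injector and the Vault Secrets Operator.

```yaml
# Added example; names (namespace "app", role "app-role", paths) are assumptions.
# Before: a Vault Agent sidecar is injected into every pod via annotations.
apiVersion: v1
kind: Pod
metadata:
  name: app-sidecar
  namespace: app
  annotations:
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/role: "app-role"
    vault.hashicorp.com/agent-inject-secret-db-creds: "secret/data/app/db"
spec:
  serviceAccountName: app-sa
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
---
# After: the operator authenticates to Vault once per auth reference ...
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: app-auth
  namespace: app
spec:
  method: kubernetes
  mount: kubernetes
  kubernetes:
    role: app-role
    serviceAccount: app-sa
---
# ... and syncs the Vault secret into an ordinary Kubernetes Secret,
# which pods consume with a normal secretKeyRef or volume mount.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: db-creds
  namespace: app
spec:
  vaultAuthRef: app-auth
  type: kv-v2
  mount: secret
  path: app/db
  refreshAfter: 60s
  destination:
    name: db-creds
    create: true
```

Because the operator writes the value into a Kubernetes Secret, the secret is also stored in etcd, whereas the sidecar rendered it to an in-memory volume inside the pod. RBAC on Secrets in that namespace and encryption at rest for etcd therefore become part of the protection of the secret.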

HCP Vault Secrets

One of the main focuses of HashiDays was usability, which makes things more efficient and faster for developers. The new version of Vault, HCP Vault Secrets, also fits this approach and was presented during HashiDays.

This new SaaS platform provides developers with a central location they can access at any time to store and sync secrets. The system offers developers a quick overview of all secrets, distributed across different applications. This can be done without interrupting the workflow.

HCP Vault Secrets offers both a push and a pull model. The first allows platform teams to set up secret synchronization, and the second allows developers to inject application secrets directly into their workflow.

This system basically focuses on three important things for developers:

  • Centralize secrets – all secrets in one place, logically grouped so organizations can easily associate them and manage their growth without increasing the risk of disclosure
  • Sync Secrets – Users can sync secrets from HCP Vault Secrets to external management systems whenever and wherever they need them
  • Development Flexibility – Developers can pull secrets from any interface and inject them into applications without changing the code

Thanks to this centralized approach, there’s more security (less chance of human error), higher productivity (more workspace for developers), and better visibility into what’s happening with the secrets (who had access, when, and from where). In addition, security is always up to date.

HCP Vault Secrets is now available in beta.

Boundary Enterprise

With the growth of hybrid work environments, remote access security is becoming more and more important. Boundary Enterprise is a system that users can self-manage (in the cloud or from their own data center) and provides a flexible way to provide access to a cloud environment. The system works with just-in-time credentials: they only grant a user access to the parts of a cloud that are strictly necessary for that person, and that access is also limited in time.

Boundary Enterprise is now available and complements the existing HCP Boundary and Boundary OSS systems.

Boundary Session Recording

This update to Boundary has been the feature most requested by users since the system’s inception. Session recording allows organizations to fully record user and application activity to gain insight into who has access and what that access was used for. In this way, responsible teams can organize their security in an even more targeted manner.

Boundary session recording is now available in both the existing HCP Boundary and the new Boundary Enterprise.

Consul 1.16

At HashiDays there were innovations not only in the area of security; the network system was also updated. Something Consul users have been asking for for a while is the ability to create custom extensions for Envoy, an open source proxy for applications in the cloud. This provides more visibility into traffic and additional options for security. In addition, this brings support for the open source policy engine OPA (Open Policy Agent) and for Wasm (WebAssembly) extensions; WebAssembly is a code and text format for software.

A second important innovation is sameness groups. With them, applications residing in different cloud systems or platforms, often in different data centers, continue to function as a whole. In the end, it always remains the same application. For example, data from a system in a European data center can easily run through an American data center; the application is “the same”.

Consul 1.16 will be beta and generally available next month.

HCP Consul updates

A first update from HCP Consul is that users can now see all clusters exchanged between two systems. You can also manage these clusters more easily and automate this process.

Second, you can now also link self-managed clusters in this environment. Wherever you manage clusters, you can now do it through a unified portal.

Finally, there are more ways to observe, both in terms of the clusters themselves and the workloads within them. This gives a better insight into what is happening in your different environments.

The first update is generally available, the other two are still in beta.

Terraform Explorer for workspace visibility

The open source software tool Terraform, which is intended for building an infrastructure, has been around for almost ten years. It is logical that this system will also receive an update.

With the Workspace Visibility Explorer, it’s easier to check things that are out of date or to check the role of an infrastructure. You can then adjust or fix these things if necessary.

Ephemeral Terraform Cloud workspaces

A common problem is that companies use part of their cloud environment for testing, for trying things out. This environment then often keeps running and costs an unnecessary amount of money and energy, actually for nothing. Since nobody looks after it anymore, such cases also pose a security risk.

Ephemeral Workspaces sets a maximum TTL (time to live) for a Terraform workspace. The system automatically cleans up or destroys the environment in question when the specified lifetime has expired. However, an alert will still be sent and developers can extend a TTL if they wish.

Configuration-driven import for Terraform 1.5

With configuration-driven import, Terraform can automate the process of importing existing resources, but also write the configuration for you right away. This creates a much smoother workflow.

Both the workspace visibility explorer and configuration-driven import are now in beta; ephemeral workspaces will be available soon.

Some numbers

A conference is useful not only to take a look at the near future through various product releases, but also to reflect on the present. For example, there was a survey among HashiCorp customers and users for the third time, which we had previously reported on.

HashiDays was also the ideal opportunity for a pat on the back, with some nice stats:

  • HashiCorp user groups, or HUGs, now exist in 59 countries and have a combined 46,000 members
  • Each month, HashiCorp gets to award more than a thousand certificates to people who have learned to work with one of its services, for a total of more than 38,000 certificates
  • More than 930 partners work with HashiCorp
  • There were more than 3,000 registrations for HashiCorp’s cloud services this year alone

The user

Using several user cases and accompanying speakers, HashiCorp made it clear how diverse its customer base is.

Vodafone uses multicloud to comply, within a single system, with the different rules of the different countries where it operates.

According to Zurich Insurance’s Eamonn Carey, “hashi” is Japanese for “bridge” and it’s a perfect word because HashiCorp connects everything at Zurich.

Marko Bevec of SaaS consultant The Scale Factory compared poor security to the old-fashioned “hiding the key” under the rug or flower pot and praised HashiCorp’s security features.

Human factor

Despite automation and an increasing number of features designed to make multicloud easier in so many different areas, many speakers felt there was one factor that shouldn’t be forgotten: the platform teams.

In addition to the message of good security, HashiCorp emphasizes that a good platform team is essential to smoothly unite all resources in the multicloud. CEO Nick Calver summed it up perhaps best when he listed his top three factors for successful cloud infrastructure automation: cost, risk, speed, and surprisingly number four: people.

Source: IT Daily
