Consul Enterprise
Consul Enterprise features address the organizational complexities of collaboration, operations, scale, and governance. IBM offers several packages of Consul Enterprise licenses that include additional service networking features.
To access Consul Enterprise in a self-managed installation, apply a purchased license to the Consul Enterprise binary.
Enterprise features
The following features are available with an Enterprise license.
Multi-Tenancy
- Admin Partitions: Define administrative boundaries between tenants within a single Consul datacenter.
- Namespaces: Define resource boundaries within a single admin partition for further organizational flexibility.
- Sameness Groups: Define partitions and cluster peers as members of a group with identical services.
Resiliency
- Automated Backups: Configure the automatic backup of Consul state.
- Redundancy Zones: Deploy backup voting Consul servers to efficiently improve Consul fault tolerance.
- Server request rate limits per source IP: Limit gRPC and RPC traffic to servers for source IP addresses.
- Traffic rate limiting for services: Limit the rate of HTTP requests a service receives per service instance.
- Locality-aware routing: Prioritize upstream services in the same region and zone as the downstream service.
- Fault injection: Explore the resiliency of downstream services in response to problems with an upstream service, such as errors, latency, or response rate limits.
Scalability
- Read Replicas: Deploy non-voting Consul servers to enhance the scalability of read requests.
Operational simplification
- Long Term Support (LTS): Reduce operational overhead and risk by using LTS releases that are maintained for longer than standard releases.
- Automated Upgrades: Ease upgrades by automating the transition from existing to newly deployed Consul servers.
- Consul-Terraform-Sync Enterprise: Leverage the enhanced network infrastructure automation capabilities of the enterprise version of Consul-Terraform-Sync.
Complex network topology support
- Network Areas: Support complex network topologies between federated Consul datacenters with pairwise federation rather than full mesh federation.
- Network Segments: Support complex network topologies within a Consul datacenter by enforcing boundaries in Consul client gossip traffic.
Governance
- OIDC Auth Method: Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly.
- Audit Logging: Understand Consul access and usage patterns by reviewing access to the Consul HTTP API.
- JWT authentication and authorization for API gateway: Prevent unverified traffic at the API gateway using JWTs for authentication and authorization on VMs and on Kubernetes.
Regulatory compliance
- FIPS 140-2 Compliance: Leverage FIPS builds of Consul Enterprise to ensure your Consul deployments are secured with BoringCrypto and CNGCrypto, and compliant with FIPS 140-2.
IBM Consul licenses
IBM offers the following packages of licensed support:
- Consul Self-Managed Standard licenses include support for service discovery features in multiple runtimes.
- Consul Self-Managed Premium licenses include support for service mesh features in multiple runtimes.
The following table summarizes the major differences between Consul CE and the Consul Enterprise licenses:
| Supported features | Consul CE | Standard Enterprise | Premium Enterprise |
|---|---|---|---|
| Service discovery support | ✅ | ✅ | ✅ |
| Service mesh support | ✅ (single cluster only) | ❌ | ✅ |
| KV store support | ✅ | ✅ | ✅ |
| API gateway support | ✅ | ❌ | ✅ |
| Ingress/terminating gateway support | ✅ | ❌ | ✅ |
| Single datacenter support | ✅ | ✅ | ✅ |
| Multiple runtime support | ❌ | ✅ | ✅ |
| Multi-tenancy support | ❌ | ✅ | ✅ |
| Additional resiliency & scalability | ❌ | ✅ | ✅ |
| FIPS 140-2 Compliance | ❌ | ✅ | ✅ |
| Consul-Terraform-Sync (CTS) support | ✅ | ✅ | ✅ |
Some Consul features are not supported with a Standard Enterprise license because they are used only when the service mesh is deployed.
Consul Enterprise feature availability
The Consul Enterprise features that are available depend on your license and the runtimes you use in your deployment.
Feature support by license
Enterprise licenses include support for the following features.
Feature availability by runtime
Consul Enterprise feature availability can change depending on your server and client agent runtimes.
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|---|---|---|---|
| Admin Partitions | ✅ | ✅ | ✅ |
| Audit Logging | ✅ | ✅ | ✅ |
| Automated Server Backups | ✅ | ✅ | ✅ |
| Automated Server Upgrades | ✅ | ✅ | ✅ |
| Enhanced Read Scalability | ✅ | ✅ | ✅ |
| Fault injection | ✅ | ✅ | ✅ |
| FIPS 140-2 Compliance | ✅ | ✅ | ✅ |
| JWT verification for API gateways | ✅ | ✅ | ❌ |
| Locality-aware routing | ✅ | ✅ | ✅ |
| Long Term Support (LTS) | ✅ | ✅ | ❌ |
| Namespaces | ✅ | ✅ | ✅ |
| Network Areas | ✅ | ✅ | ✅ |
| Network Segments | ✅ | ✅ | ❌ |
| OIDC Auth Method | ✅ | ✅ | ✅ |
| Redundancy Zones | ✅ | ✅ | ✅ |
| Sameness Groups | ✅ | ✅ | ✅ |
| Server request rate limits per source IP | ✅ | ✅ | ✅ |
| Traffic rate limiting for services | ✅ | ✅ | ✅ |