Management plane
This topic explains the concept of HCP Consul's management plane service. The management plane is a HashiCorp-hosted server that supports centralized global management operations across all Consul clusters. It provides global visibility and control for both self-managed and HashiCorp-managed Consul clusters, even when you deploy services in multiple cloud environments and regions.
What is the management plane?
The management plane is a service hosted by HashiCorp that enables you to monitor and manage multiple Consul server clusters regardless of where the clusters are hosted. It enables you to view aggregated health information for your clusters and services from a single location. The name management plane refers to how the service conceptually exists at a level above the service mesh's control plane and the data plane, as demonstrated in the following diagram:
The management plane supports both HashiCorp-managed clusters and self-managed clusters. HashiCorp-managed clusters connect to the management plane by default, but you must link self-managed clusters to the management plane individually. To learn more about the process, refer to link self-managed clusters.
Each organization in the HCP platform has its own management plane that is not accessible to any other organization. You can assign administrative roles to specify permitted user interactions, and users can have different roles in different organizations. For more information, refer to user permissions.
The management plane does not automatically extend the service mesh between connected datacenters. You must join clusters using either WAN federation or cluster peering to enable mesh functionality across clusters. However, the management plane provides UI workflows to simplify these processes for you.
Benefits
The management plane service can improve your experience with HCP Consul in the following ways:
- Centralized operations: Reduces operational overhead by enabling operators and SREs to visualize and monitor the health of multiple Consul server clusters at once.
- Unified service catalog: Collects location and health information for your clusters' service instances in a single aggregated service catalog. Search for a service by name and then find clusters where service instances are deployed.
- Secure Consul configuration: The management plane service helps you deploy Consul clusters with TLS, gossip encryption, and ACL tokens enabled by default.
- Secure and easy UI access: Eliminates the need to set up additional load balancers to your Consul cluster and is especially useful for Consul servers running in air-gapped environments with highly restrictive network controls.
- Simplified cluster peering workflow: Eliminates the need to access individual Consul clusters for cluster peering setup.
- Observability dashboard: Automatically-generated visualizations of server and proxy metrics provide insights into cluster operations.
Global cluster views
The management plane service provides the following global views to support your workflows and deployments:
In addition, clusters linked to the management plane have expanded observability into server and proxy metrics. Refer to Consul observability for more information.