Introduction
Organizations are frequently presented with the challenge of how to scale application, network, and security objects consistently across multiple clouds, platforms, and run-times. Platform teams navigate through an ocean of cloud services, on-premises setups, container-based technologies, virtual machine platforms, and serverless architectures.
HashiCorp Consul is an identity-based networking solution that extends its service discovery and service mesh capabilities across on-premises and multi-cloud environments, platforms, and run-times. Consul helps teams enhance application resilience, increase uptime, accelerate application deployment, and improve security in service-to-service communications.
In adopting Consul, organizations take a phased approach, starting off with service discovery and adding service mesh capabilities that extend to on-premises and collaborative cloud deployments.
People and processes
Consul service discovery and service mesh cover multiple areas of an organization that are typically managed by several network and security products, aligned with specialist teams. The following functions span multiple areas of an organization, which underlines how Consul can help automate traditional security and networking functions while also catering to dynamic workloads.
Consul Services | Uses |
---|---|
Service discovery | Service catalog, DNS, Inventory, CSDB |
Service routing | L7 Traffic Management (Traffic splitting, Routing, Blue/Green and Canary deployment), Resilience (Automated failover), Load-Balancing, Network automation |
Service security | Zero-trust, Observability and Traceability, Authentication and Authorization via policies, ACLs, mTLS, Service Intentions |
The above options will span several platform and DevOps teams who are responsible for maintaining applications, compute infrastructure, network, and security options. It will be important to define roles and responsibilities across teams that have the skills necessary to perform their anticipated functions.
Business and tech leaders
Leaders, especially those in regulated organizations, will be looking to adopt a service mesh to secure east-west and north-south communications at a global scale. They will be looking to reduce risk, effectively manage their security posture for data in transit, and reduce spending on individual hosts as well as on segment and perimeter security products.
Developers
These individuals will be responsible for creating and launching applications that need to connect to multiple clouds for resilience. Their applications often require access to shared services like identity management, which is deployed in a different VPC or region. The schedules for their development and deployment are impacted by infrastructure, cloud, and security teams that set up the necessary network connectivity and security features.
Operators / Infrastructure engineers
Engineers are responsible for providing a platform and network as a service, enabling developers to quickly and securely deploy and connect applications across several clouds and runtime environments.
Security administrators
Security administrators manage the security policies of applications that are deployed across various environments, ensuring that the organization's security and compliance policies are not compromised.
Use cases
This document covers the "Scaling" phase of operating Consul Enterprise across multi-cloud, multi-runtime environments.
The following use cases will be covered:
Use case | Summary |
---|---|
Multi-cloud deployments, such as workloads on Azure and AWS | Consul provides service discovery and service mesh capabilities across several clouds and run-times |
Multi-runtime on-premises environments; e.g. VM-based environments, Kubernetes-based deployments | VM-/Nomad-based deployments of Consul on-premises; Kubernetes-based deployments on public clouds |
Both on-premises and collaborative cloud deployments | Scenarios showing reachability between on-premises and cloud environments using Consul |
Prerequisites
After familiarizing yourself with the maturity model, you should go through the Operating Guide for Adoption and Operating Guide for Standardization documents, which delve into enabling service discovery and service mesh features under business units starting on their cloud journey. Importantly, these groups are still operating completely on-premises.
The Consul Solution Design Guide references Consul architecture and best practices for running Consul servers in production on virtual machines (VMs) and Kubernetes.
These guides also touch on how to set up Consul for a multi-tenant and multi-cluster approach. Additionally, they discuss the configuration of network objects, DNS, compute infrastructure, security considerations, and monitoring.
Takeaways
Consul uses HashiCorp's well-architected framework to deliver on the following efficiencies:
- Operational excellence: Organizations can build products quickly and efficiently by drastically reducing reliance on lengthy processes built around traditional, IP-address-based connectivity, replacing them with dynamic discovery and connectivity of services using service identities.
- Reliability: Consul enables automatic failover of services between multiple clouds and on-premises deployments, preventing disruptions from a single point of failure. This ensures high availability and business continuity.
- Security: Consul service mesh enables secure deployment practices with automatic service-to-service encryption and identity-based authorization. Service intentions allow and restrict access between services, authorizing services based on service identity rather than IP, as is the case with traditional firewalls.
This operating guide provides prescriptive guidance on running Consul at scale. This can be useful for organizations that are scaling either because of growth in business or from a recent merger and acquisition. Anyone working with an assortment of cloud providers and managing service communication between on-premises and multi-cloud environments will benefit from this advice.