Introduction
Our objective in these HashiCorp Validated Designs (HVD) is to give you prescriptive guidance based on our experience partnering with hundreds of organizations who have implemented Nomad Enterprise. We should acknowledge that our field is complex and the same solution can be implemented in many permutations. No matter what choices you make, what matters most is that you are able to safely provision and manage cloud resources at scale and experience the business benefits and value that automated HCP Terraform workflows provide.
This document gives recommendations on how to implement Terraform infrastructure-as-code (IaC) as a shared service for your organization. Different organizations call the team responsible for this task different names, including the "Platform Team" or "Cloud Center of Excellence" (CCoE). No matter what your team is called, this document helps teams responsible for owning Terraform IaC in their organization.
Prerequisites
Review HashiCorp's cloud operating model which enables your organization to unlock the fastest path to value in a modern multi-cloud datacenter:
- Cloud Operating Model
Note
This guide assumes that you have reviewed and implemented the following HVDs:
- Nomad: Solution Design Guide (Self-Managed)
HVD document structure
This document includes the following:
Section | Summary |
---|---|
Introduction | Overview including objectives, prerequisites, and checklists for successful onboarding and adoption |
Initial Configuration | Prescriptive configuration of the platform after initial deployment |
Identity Access Management | Access Control List, SSO, and Workload Identity |
Automated Upgrades | Automated upgrades via Autopilot workflows |
Backups | Backing up Nomad via snapshots for disaster recovery and business continuity |
Observability | Details on how to leverage metrics and logs for both scheduled workloads and the Nomad cluster to gain insights into platform performance and health |
Networking | Details of available networking options for your workloads |
Scheduling | Advanced scheduling configuration options |
Resource Quotas | Recommendations for configuring CPU and memory quotas for namespaces and teams |
Sentinel | Enforce fine-grained policies using business, security or compliance logic across your Nomad clusters |
Control Plane Scaling | Scale your Nomad cluster as your workloads grow |
Windows Clients | Windows specific agent configuration options and recommendations |
Self-Service Application Deployment | Discussing best practices for deployment options and other workflow considerations |
Workload Orchestration | Details for orchestrating container and non-container workloads |
Application Scaling | Workflow and configuration recommendations for vertical and horizontal scaling of your applications |
Service Discovery | Details and recommendations for service discovery, including health checks, upgrades, and leveraging service discovery in tasks using templates |
Secrets and Variables | Details Nomad's built-in variables and secrets functionality and how to leverage them in your workload |
Objectives
You are implementing Nomad Enterprise to achieve your company's business and functional objectives. Here, we list the goals we expect you to realize after implementing the recommendations detailed in this guide.
Business objectives
- Reduce time to market: This guide will assist you in establishing a robust standard workflow for deploying and managing the lifecycle of hybrid/multi cloud application deployments. When implemented effectively, developers can deploy applications more efficiently, reducing the time it takes for your organization to introduce new products and features to the market.
- Consistent compliance: Through policy-as-code, organizations will achieve compliant deployment flow, automate audit, and respond proactively to regulatory change.
- Improve skills and retention: Through deployment template reuse, organizations reduce the cognitive load associated with onboarding new talent and retain that talent longer by improving productivity for team members.
- Optimize cloud cost: By implementing a central shared service for application deployment, you will be able to optimize cloud spend and costs. This is achieved by standardizing and enforcing best practices and providing visibility into resources assigned to applications across the organization. While details on how to do this and implement the necessary guardrails are covered in other Nomad documentation, this guide is a necessary prerequisite towards that goal.
Functional objectives
- Adopt a mature golden workflow for application deployment.
- Enhance security posture.
- Improve traceability of actions and ensure audit readiness.
Onboarding/adoption checklist
We recommend that the following tasks be accomplished for a successful onboarding and adoption of Nomad Enterprise. The time it takes to complete this initial phase will vary depending on the complexity of your organization and the level of executive alignment. However, we have found that using HashiCorp Professional Services or partner-provided services can significantly accelerate the process.
Project checklist
- Identify key people from the Platform Team who will own and operate Nomad. In your organization, the Platform Team may own the architecture but the day-to-day operations may be delegated to a production services/support team who have 24/7 staffing arrangements. Both teams must be engaged at the outset.
- Identify key executives sponsoring this project.
- Establish cadences with the HashiCorp account team. We recommend the following:
  - Weekly/bi-weekly cadence.
  - Quarterly business review with sponsoring executives.
- Enablement plan:
  - Platform Team enablement plan: We recommend that key platform team members attend HashiCorp Academy training. This training will also enable the Platform Team to be trained as trainers for the organization.
  - Application team enablement plan: We recommend that application teams be trained either by the Platform Team "trainers" or attend free hands-on workshops offered by HashiCorp solution engineers and architects.
- Business unit onboarding schedule: Create a schedule for onboarding business units and/or application teams. We recommend for the "adopt" phase that you start with one or a handful of business units. (see note below)
- Establish key milestones to track progress. We recommend the following key milestones:
  - HCP Terraform onboarding.
  - Platform team enablement.
  - Application team early-adopter enablement.
  - Application team early-adopter onboarding.
Tip
On onboarding business units/application teams
HashiCorp recommends that you base the initial business unit/application team onboarding schedule on a representative set of early-adopter teams with one or more of the following characteristics:
- A high incentive to use Nomad application scheduling to achieve their goals.
- Have a DevOps skill set.
Those characteristics will increase the chances of early success.
The schedule should introduce approximately five teams in the first set, working with them from development to UAT. Then, the Platform Team should aim to introduce a second set of about twenty teams into development. This second set would benefit from the feedback the more experienced first set provides as part of pipeline refinement.
When the first set has reached the production environment and the second set has reached UAT, the Platform Team should aim to introduce a third set of approximately 50-100 application teams into development, benefiting from the further refinement brought through feedback and collaboration with the first and second sets of teams. Through working with this third set, increased scale is both visible and demonstrable to senior management, making project success highly likely and standardization, efficiency gains and cost savings clearly visible.
Onboarding checklist
- Configure core Nomad Enterprise components:
  - Servers
  - Clients
  - Access control lists
  - Logs and metrics collection
- Establish a workflow to onboard application teams to Nomad Enterprise:
  - Deployment templates and best practices
  - Observability patterns
- Initial discussions with first set of early adopter teams regarding user onboarding experience and updates to the project backlog with next step improvements
Adoption checklist
- Determine the migration roadmap for existing applications.
- Establish a workflow for application teams.
- Complete a production readiness assessment with a HashiCorp solution architect.
Tip
We highly recommend arranging a meeting with a HashiCorp solution architect shortly after acquiring your license. They will offer essential architectural and integration guidance for your project. Additionally, schedule another session within three months to ensure that the transition architecture and migration plans remain clear and unimpeded.
Regular meetings with your HashiCorp solution engineer throughout the project and into production are also advised to continually enhance business value.