HashiCorp

Unlocking the cloud operating model for enterprises


Infrastructure Automation

Infrastructure as code for provisioning, compliance, and management of any cloud, infrastructure, and service.

 

The Challenge

Relies on a static fleet of standardized infrastructure, provisioned for long periods of time and dedicated to users.

TRADITIONAL APPROACH

  • Manual Provisioning
  • Fixed set of resources
  • Workflow requires ticketing & queues

 

The Solution

Heterogeneous, short-lived infrastructure that is provisioned frequently, automatically, and on demand.

TERRAFORM APPROACH

  • Infrastructure as Code
  • Embrace diversity with providers
  • Enable self-service infrastructure

Security Automation

Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

 

Static Infrastructure

Datacenters with inherently high-trust networks with clear network perimeters.

TRADITIONAL APPROACH

  • High trust networks
  • A clear network perimeter
  • Security enforced by IP Address

 

Dynamic Infrastructure

Multiple clouds and private datacenters without a clear network perimeter.

VAULT APPROACH

  • Low-trust networks in public clouds
  • Unknown network perimeter across clouds
  • Security enforced by Identity

Networking Automation

A platform to discover, automate and secure service networking across any cloud or runtime.

 

Static Infrastructure

Private datacenters with static IPs, primarily north-south traffic, protected by perimeter security and coarse-grained network segments.

TRADITIONAL APPROACH

  • Static connectivity between services
  • A fleet of load balancers to route traffic
  • Ticket-driven processes to update network middleware
  • Firewall rule sprawl to constrict access and insecure flat network zones

 

Dynamic Infrastructure

Multiple clouds and private datacenters with dynamic IPs and ephemeral containers, dominated by east-west traffic, with no clear network perimeters.

CONSUL APPROACH

  • Centralized registry to locate any service
  • Services discovered and connected with centralized policies
  • Network automated in service of applications
  • Zero trust network enforced by identity-based security policies

Application Automation

Nomad is a simple, flexible, and production-grade workload orchestrator that enables organizations to deploy, manage, and scale any application, containerized, legacy or batch jobs, across multiple regions, on private and public clouds.

 

Static Infrastructure

Infrastructure is managed on a per application basis.

TRADITIONAL APPROACH

  • Dedicated servers
  • Manual and inconsistent deployment workflows
  • Low resource utilization

Dynamic Infrastructure

A common pool of infrastructure is shared across mixed applications.

NOMAD APPROACH

  • A resource pool across on-prem and clouds
  • Unified and automated deployment workflows to run mixed workloads
  • Optimized resource utilization with bin-packing


Development Environments Made Easy

 

Simple and Powerful

HashiCorp Vagrant provides the same, easy workflow regardless of your role as a developer, operator, or designer. It leverages a declarative configuration file which describes all your software requirements, packages, operating system configuration, users, and more.

 

Production Parity

The cost of fixing a bug exponentially increases the closer it gets to production. Vagrant aims to mirror production environments by providing the same operating system, packages, users, and configurations, all while giving users the flexibility to use their favorite editor, IDE, and browser. Vagrant also integrates with your existing configuration management tooling like Ansible, Chef, Docker, Puppet or Salt, so you can use the same scripts to configure Vagrant as production.

 

Works where you work

Vagrant works on Mac, Linux, Windows, and more. Remote development environments force users to give up their favorite editors and programs. Vagrant works on your local system with the tools you're already familiar with. Easily code in your favorite text editor, edit images in your favorite manipulation program, and debug using your favorite tools, all from the comfort of your local laptop.

Build automated machine images

Create identical machine images for multiple platforms from a single source configuration.

 

Why Packer?

 

Rapid Infrastructure Deployment

Use Terraform to launch completely provisioned and configured machine instances with Packer images in seconds.

Multi-provider Portability

Identical images allow you to run dev, staging, and production environments across platforms.

Improved Stability

By provisioning instances from stable images installed and configured by Packer, you can ensure buggy software does not get deployed.

Increased Dev / Production Parity

Keep dev, staging, and production environments as similar as possible by generating images for multiple platforms at the same time.

Reliable Continuous Delivery

Generate new machine images for multiple platforms, launch and test, and verify the infrastructure changes work; then, use Terraform to put your images in production.

Appliance Demo Creation

Create software appliances and disposable product demos quickly, even with software that changes continuously.

Build. Deploy. Release.

Waypoint provides a modern workflow to build, deploy, and release across platforms.

Waypoint uses a single configuration file and common workflow to manage and observe deployments across platforms such as Kubernetes, Nomad, EC2, Google Cloud Run, and more.

Build

Waypoint builds applications for any language or framework. You can use Buildpacks for automatically building common frameworks or custom Dockerfiles or other build tools for more fine-grained control.

The build step is where your application and assets are compiled, validated, and an artifact is created.

This artifact can be published to a remote registry or simply passed to the deploy step.

Deploy

Waypoint deploys artifacts created by the build step to a variety of platforms, from Kubernetes to EC2 to static site hosts.

It configures your target platform and prepares the new application version to be publicly accessible. Deployments are accessible via a preview URL prior to release.

Release

Waypoint releases your staged deployments and makes them accessible to the public. This works by updating load balancers, configuring DNS, etc. The exact behavior depends on your target platform.

The release step is pluggable, enabling you to drop in custom release logic such as blue/green, service mesh usage, and more.

Simple and secure remote access

Access any system from anywhere based on user identity.
 
 

Secure access to hosts and services

Traditional approaches like SSH bastion hosts or VPNs require distributing and managing credentials, configuring network controls like firewalls, and exposing the private network. Boundary provides a secure way to access hosts and critical systems without having to manage credentials or expose your network, and is entirely open source.

 

Authenticate

Authenticate with any trusted identity provider you are already using. No need to distribute new credentials and manage them.

Authorize

Authorize access based on logical roles and services, instead of physical IP addresses. Manage dynamic infrastructure and integrate service registries so hosts and service catalogs are kept up-to-date.

Access

Automate credential injection to securely access services and hosts with HashiCorp Vault. Reduce risk of leaking credentials with dynamic secrets and just-in-time credentials.

 
