Secure Routing and Traffic Management with Ambassador and HashiCorp Consul
May 20, 2019
Learn about the routing and secure end-to-end communication capabilities of Consul Connect and Ambassador and how to use them in your network architecture.
Product Architect, Datawire
Developer Advocate, HashiCorp
One of the key steps in any digital transformation or migration from "heritage" infrastructures and monolithic architectures to modern hybrid cloud infrastructures and microservice architectures, is the process of decoupling apps from their infrastructure: incrementally and securely.
"Securely" is a crucial pillar of this transition, because according to Gemalto's Breach Level Index about 98% of the records compromised in data breaches are unencrypted on some level. There are multiple ways you need to harden your modern systems against PII theft:
- Secure your data at rest
- Harden your compute
- Secure your data in transit (i.e. your communications)
This webinar, hosted by HashiCorp developer advocate Nic Jackson and Datawire product architect Daniel Bryant, will focus on locking down your communications with some elegant encryption methods. Two tools that can help manage network traffic securely in modern environments and service-based architectures are Ambassador and HashiCorp Consul. Ambassador is an API gateway (or Edge gateway) that handles north-south "ingress" traffic. Consul is a service discovery registry and service mesh control plane that manages and secures east-west, service-to-service traffic.
0:00 — Introduction to Consul, Ambassador, and modern security challenges & solutions
23:25 — Demo: Securing traffic between services with Consul Connect and Ambassador
38:30 — Conclusion and extra content
47:04 — Q&A
You mention moving towards the proposed architecture step-by-step. What would be the right place to start? How does the 'hybrid' situation work until you are in the pure service-based separation?
Consul used Envoy for the proxy. Why not have the proxy built into Consul? Is Envoy the standard?