The answers to these questions from our HCP Consul early adopters might help you.
HashiCorp Cloud Platform (HCP) Consul became generally available in early March. Since then, many users have leveraged this fully managed service mesh to discover and secure their services running on Amazon Web Services. Along the way, we’ve fielded some good questions from early users. Now we’re sharing the answers with you so that everyone’s HCP Consul onboarding experience is just a little bit smoother. We look forward to continued feedback and questions so we can all learn more as HCP Consul continues to evolve.
How is HCP different from a cloud provider, like AWS?
HCP is a managed platform specifically for running HashiCorp tools — we do not provide infrastructure for running applications. Cloud providers, like AWS, allow users to leverage their datacenters so users don’t have to run their own. You pay for the usage, not the equipment.
Of course, organizations still need to provision, secure, and connect that infrastructure for both internal and external usage. Cloud providers do offer their own solutions for this, but organizations with multi-cloud or hybrid cloud environments will often prefer to use tools and services that work across cloud providers.
That’s where HashiCorp tools come in. Our tools can run in any environment and manage any infrastructure. Unfortunately, not every organization has the operational resources to fully support running these tools on their own — HashiCorp Cloud Platform (HCP) is the right fit for those users. While HCP currently runs only on AWS, we plan to extend the platform to support multiple cloud providers, providing the same multi-cloud consistency as a self-managed strategy, with less overhead and management burden on users.
What’s an HVN? How is an HVN different from a VPC?
HVN stands for HashiCorp Virtual Network. It is a dedicated VPC (virtual private cloud) in the HashiCorp AWS environment. HCP is structured so that each user organization is a standalone tenant in the HashiCorp AWS environment. Our SREs monitor these environments to ensure uptime and stability as well as the health of the Consul clusters deployed into these HVNs.
HVNs must be peered to an active VPC in order to deploy HCP Consul, just like you would if you were connecting multiple VPCs in their own AWS accounts. For a deeper dive on how to peer an HVN with a VPC, please review this HashiCorp Learn guide or watch this getting started video. In the future, we plan to add the ability to connect the HVN to an AWS Transit Gateway in addition to VPC peering.
How does HCP IAM map to AWS IAM?
As of today, it does not. The identity and access management (IAM) roles in HCP are strictly for managing access and capabilities on the HCP platform itself. We are working on integrating HCP’s IAM roles with third-party identity-management solutions.
Will I get charged for each user that I add to HCP?
No. We do not charge for users added to an HCP organization. The only charges your organization will incur are for active Consul clusters and usage (e.g. service instances on production-grade clusters).
Which of my current cloud-provider-specific tools does HCP Consul align to?
HCP Consul supports two core use cases: service discovery and service mesh. Consul’s service discovery capabilities enable users to track the location and health status of all applications running in their environments. Along with providing these discovery capabilities, Consul can be used for load balancing and DNS resolution. In the AWS world, users may be using solutions like application load balancers, Cloud Map, or Route 53 for these purposes, but HCP Consul provides all the capabilities in one tool (and soon for more than just AWS).
From a service mesh perspective, HCP Consul is similar to AWS App Mesh but offers additional capabilities like traffic management and support for both containerized and non-containerized applications. HCP Consul also provides gateway capabilities for interacting with services that cannot participate in the mesh due to compliance or technology limitations. And as we mentioned earlier, HCP Consul will soon work in clouds other than AWS, whereas App Mesh only works in that cloud.
What are some simple example use cases for HCP Consul? How are other customers using it?
As mentioned in the previous question, HCP Consul provides service discovery and service mesh functionality. Let’s break down how a user might use these in their environment:
Service discovery: Currently organizations may use a manual process for tracking IP addresses of applications, like configuration management database (CMDB) tools or spreadsheets. In a cloud environment, however, tracking the location and reachability of a service can become unwieldy with these methods.
Instead, using HCP Consul you can create a centralized registry of all your applications and perform health checks to ensure they are reachable. Registering a service with Consul is simple and can be completely automated. The first question to ask is, “How are you currently tracking service information for your application in AWS?” If you aren’t tracking that, Consul could be a great fit.
Service mesh: Consul service mesh is built on top of Consul’s discovery capabilities. It leverages its centralized catalog to facilitate secure service-to-service connections across applications. The use cases for Consul service mesh typically fall into three buckets:
We have a number of guides for running Consul service mesh. This one, on how to Connect an Elastic Kubernetes Service Cluster to HCP Consul, is a quick way to get started with a test application on HCP Consul.
We know there will be more questions as the user base for HCP Consul grows, so visit our Discuss forums when you have additional questions and we can help resolve them for you. If you haven’t already tried HCP Consul, now is a great time to get started! We have credits available for new users to try their first deployment of HCP Consul at no cost. For more information, please visit the HashiCorp Consul product page.