A recap of key announcements and presentations from HashiConf Global 2021 — focused on the needs and interests of enterprises.
At last week’s HashiConf Global 2021, thousands of community members gathered online to take part in product workshops, share ideas, and deepen their knowledge of HashiCorp products. It’s never too late to catch up on everything that happened, but with so many presentations, it’s not always obvious which sessions are most relevant to you. To help you find the content you want, last week we posted a recap of the event for individual practitioners, and this post focuses on highlights specifically for our enterprise customers, starting with customer-led sessions, then the keynotes and product news, and concluding with personal insights from HashiConf Co-Founder Mitchell Hashimoto.
HashiConf is a great place to learn from the folks actually using HashiCorp products and services in the real world. There were informative sessions featuring folks from Petco, AWS, ShopStyle, Citrix, and many others, but here are a few of special interest to enterprises:
HashiCorp Co-Founder and CTO Armon Dadgar sat down with Jeff Dillon, Wayfair's associate director of developer platforms, and Travis Cosgrave, Wayfair’s senior manager of configuration management, for an informal fireside chat around how leveraging the HashiCorp stack helped the giant online furniture and home goods seller complete the monumental task of transitioning from private datacenters to the cloud. Wayfair sells more than 14 million items from more than 11,000 global suppliers. Moving this system to the cloud created a host of new challenges, starting with secrets management and changing scale. Due to these challenges, the Wayfair team had to rethink their existing secrets management setup by leveraging HashiCorp Vault, and shift how they managed seasonal changes in scale with HashiCorp Terraform.
Tide Business Bank — a leading U.K. fintech firm — discussed its HashiCorp Consul adoption story. Jez Halford, Tide’s head of cloud engineering, explained how the bank uses HCP Consul to wire up Amazon ECS and EC2, as well as ECS and AWS Fargate. Notably, the big move to Consul came without downtime or a painful “big bang” migration. If you are using Amazon Web Services (AWS), Jez’s talk is especially relevant, offering a playbook on how to gain greater networking automation across different AWS runtimes.
View Tide's Self-Service Service Mesh With Consul session.
Target — one of the largest retailers in the U.S., with more than 1,900 locations — has to protect an extraordinarily large attack surface. Shane Petrich, a Target lead engineer, detailed how the company embraced DevOps and agile methodology as part of its overall cloud migration, and made the decision to centralize its secrets management. With many complex requirements around security, availability, stability, and compliance — along with a mandate to automate everything and keep it simple – the team arrived at a solution leveraging HashiCorp Vault. Shane explained how Target manages and maintains its enterprise deployment of Vault, including unattended builds, automated maintenance activities, and client onboardings. This is a big job, and it requires constant vigilance from platform teams.
View the Managing Target's Secrets Platform session.
Interested in deploying your own service mesh? You aren’t alone. According to the HashiCorp State of Cloud Strategy Survey, service mesh adoption is expected to grow 250% in the year ahead. Mark Guan and Ruoran Wang, software engineers at Stripe, explained how the fintech giant did just this with HashiCorp Consul. The pair reveal the details of the company’s multi-region service networking tech stack and offer an inside peek at Stripe’s overall topology across various AWS accounts and regions, and how the team federated multi-region clusters. Stripe is on the cutting edge of modern networking, and there’s a lot to learn from its experience with Consul and Kubernetes.
View the Consul Use Cases At Stripe: Service Mesh and More session.
The hallmark of a reliable distributed system is that it continues to behave as expected, even as it changes rapidly. This is especially important at an organization like Workday, whose on‑demand financial management and human capital management software needs to scale and update on a moment's notice. Workday’s vendor platform team supported this rapid expansion and innovation by leveraging HashiCorp Consul and HashiCorp Vault as part of its critical infrastructure. Workday Principal Engineer Daniele Vazzola explained how his company uses HashiCorp tools to support deployments across multiple cloud providers and on-premises datacenters. He also detailed how this multi-cloud fabric empowers service teams to autonomously set up secure connections across datacenters between workloads running on heterogeneous platforms.
View Workday's Multi-Cloud Network Fabric With Consul & Vault session.
As always, HashiConf Global 2021 was packed with news about new HashiCorp products, features, and enhancements. For starters, check out the Day 1and Day 2 keynote sessions featuring top HashiCorp execs, Sue Bohn, vice president, identity and network access division at Microsoft, and other leaders and experts:
Microsoft and HashiCorp announced a strategic partnership to make zero trust security more accessible with identity-based security solutions. This new stage in our partnership focuses on secure remote access, making it as easy as possible to access remote services anywhere with HashiCorp Boundary leveraging trusted identities from Microsoft Active Directory. Initially announced at last year's HashiConf, Boundary is a secure remote-access solution that provides an easy way to allow access to applications and systems with fine-grained authorizations based on identities.
In addition, in his opening keynote, HashiCorp Co-Founder and CTO Armon Dadgar shared that we have opened applications for organizations interested in joining the Boundary Insider Program to get close to the development of Boundary and so that developers can directly participate in the evolution of Boundary. Check out Boundary in action through the on-demand breakout session, where you can view a demo and see how users can begin using Boundary with Microsoft Azure Active Directory.
Also in the opening keynote, HashiCorp Co-Founder Mitchell Hashimoto gave an update on the development of HashiCorp Waypoint, an open source project that simplifies how developers build, deploy, and release applications across any platform. Waypoint’s core thesis is simple: Developers just want to deploy and HashiCorp can help by enabling developers to get their applications from development to production in a single configuration file and with a unified workflow.
As the Waypoint team has worked to advance these goals since the project was announced last year, we’ve observed that many users are primarily looking to simplify the complexity of Kubernetes in their deployment environments. Therefore, in the recently released Waypoint 0.6 and the next few releases, HashiCorp is doubling-down on Kubernetes. Our goal is to empower operators to deliver a Platform-as-a-Service (PaaS) experience for Kubernetes and be able to scale that experience consistently across other popular platforms, including Amazon ECS, HashiCorp Nomad, serverless, and more.
See a real-world Waypoint product demo with Kubernetes to learn more.
Many IT teams have a gap in their automation between the creation of images and their deployment, and earlier this year, we announced HCP Packer to address that issue. At HashiConf, Mitchell announced that this service is now available for anyone to use as it enters full public beta. The service is compatible with any modern toolchain, but it is especially useful for teams that use Packer and Terraform Cloud. Every HashiCorp Cloud Platform (HCP) user will see the new Packer service in their accounts now, and the beta is free to use. You can try out HCP Packer, and our other cloud services, for free at cloud.hashicorp.com or find out more in our blog post Announcing the Public Beta of HCP Packer.
View The Future of HCP Packer session.
In the HashiConf Global Day 2 Keynote, Armon announced the new Consul API Gateway (see more on that below) and discussed how HashiCorp Consul is helping to develop the next evolution of service networking, which he referred to as dynamic networking. Consul provides a platform to support dynamic networking, enabling you to discover and secure service-to-service access, automate networking tasks, increase developer productivity, and improve observability and insights. Toward this new dynamic, he announced the public beta of Consul 1.11.
Key updates in this version include a Kubernetes CLI to simplify the user experience when installing, maintaining, and upgrading Consul on Kubernetes and as part of enterprise-scale considerations. We also announced Admin Partitions, which** **enable multi-tenancy on service mesh for larger organizations and teams and reduce operational overhead for teams deploying many Kubernetes clusters and virtual machines. Finally, Armon explained how Consul can run in almost any runtime and introduced Consul’s new Amazon ECS integration that supports both AWS Fargate and Amazon EC2 launch types. Learn more in the Announcing HashiCorp Consul 1.11 Beta blog post.
View the Consul Roadmap session.
Many HashiCorp Consul customers who leverage a large number of API-driven services have asked if there is a native way to access them as part of their larger service mesh. With this in mind, HashiCorp introduced Consul API Gateway, a dedicated ingress solution for intelligently routing traffic to applications running on the HashiCorp Consul service mesh. The Consul API Gateway will enable customers to deploy a secure ingress and egress point for controlling access and requests from external users and services. The Consul API Gateway is currently in development — fill out this form to be contacted when it’s available.
View the Deploying a Service Mesh at Enterprise Scale With Consul talk.
Paul Hinze, vice president, engineering, on the HashiCorp Terraform team, shared advancements in the Cloud Development Kit (CDK) for Terraform project that will let developers write code in their language of choice. HashiCorp’s new CDK for Terraform tool provides the necessary translation to integrate this code with Terraform workflows.
In addition, Paul discussed quality-of-life improvements to the Terraform web interface, the launch of Consul-Terraform-Sync, Terraform Cloud Agents on Terraform Enterprise, and continued expansion of the Terraform provider ecosystem, including a new official Kubernetes provider.
View the Getting Started With CDK for Terraform workshop.
Zero trust security is a hot topic these days, and for good reason. It’s the modern approach to protecting critical systems and customer data. This might sound simple, but what does zero trust implementation really entail? Kyle Schochenmaier, HashiCorp senior engineer on the Consul ecosystem, and David Yu, HashiCorp senior product manager, walked attendees through how to use HashiCorp Vault as the secrets management backend for Consul atop Kubernetes. They also discussed how to rotate secrets in Consul on Kubernetes. Watch this talk to get ideas on how your Kubernetes shop can leverage this technology to increase your security posture.
View the Vault for Secrets Management and TLS in Consul K8s workshop.
Darshan Bhagat, product head for Vault, and Naaman Newbold, director of engineering, Vault, tag-teamed to present some great customer use cases for Vault around a number of topics, including leveraging Vault to manage millions of secrets at scale, deployment on Kubernetes, and deploying advanced data protection to protect their customers personally identifiable information (PII). In addition, they discussed upcoming improvements to the core secrets management solutions through the addition of more secrets management engines, adding more capabilities in key and certification management, and workflow improvements to make it easier to use and add capabilities, such as FIPS 140-2 and FIPS 140-3 compliance.
Vault users can look forward to upcoming quality-of-life improvements focusing on product adoption, onboarding, and administrator experience. There will also be a focus on increased integrations, including more identities systems, databases, platforms (such as Kubernetes), public clouds, data stores, SaaS platforms, and encryption partners. Finally, we’re working on continued improvements to product scalability, performance, and resiliency to help customers of any size increase their Vault footprint.
View the Vault Roadmap session.
This post has focused on just a few of the great talks and presentations at HashiConf Global 2021. You can view them all on the HashiCorp YouTube channel, but I want to conclude by highlighting one very special session:
To close out this year’s HashiConf Global, HashiCorp Co-Founder Mitchell Hashimoto sat down with HashiCorp’s Nic Jackson, HashiCorp developer advocate, and Anubhav Mishra, advisor to the CTO and head of HashiCorp Labs, to share his personal story, including how he got into software development, the challenges of creating and distributing open source projects, his career, his future goals, and more. Interesting insights from this talk include:
We hope you enjoyed this year's HashiConf Global. To learn even more about how HashiCorp and the cloud operating model are leading to better business outcomes, you can watch all the conference videos on our YouTube playlist and in the HashiCorp Resource Library.
Now is your chance to apply for a scholarship to attend the HashiConf Global conference in San Francisco, Oct. 10-12.
Intel Cloud Optimized Modules for Terraform and Sentinel standardize infrastructure deployment and increase performance with purpose-built policy as code.
Attending KubeCon EU, either in person or online? Check out what HashiCorp is doing and talking about at the event, and learn about recent Kubernetes-related product features.