Frontend growth requires backend support
The march toward cloud-based operations has been gaining steam in recent years. But the unprecedented challenges of 2020 pushed global enterprises to accelerate that migration, which also meant finding a centralized platform for monitoring all the moving pieces. Many organizations turned to Anaplan for help.
Anaplan provides data for decision making in a single, cloud-based platform, allowing its customers to orchestrate business performance without having to manage the IT systems to support that platform. As its customers’ data grew exponentially, so did Anaplan’s need for efficient, secure, and scalable backend storage and infrastructure to support it all.
"Releasing new updates and versions of our platform should be easy as breathing. It should be common and just happen. As we grew, it became a higher risk, higher stress event because we had to manage the systems and network side of the operation as well as managing secrets separately,” says Brian Menges, principal cloud engineer at Anaplan. “Doing those in parallel took a lot of time and proved costly over the long run. We wanted a way of reducing the overall complexity in our release practices as well as how much it costs to manage without impacting service availability or performance.”
More complexity means more costs
Anaplan’s fast-growing software-as-a-service (SaaS) platform requires continuous updates and new functionality to keep up with rapidly evolving customer demands and the pressures of the modern digital economy.
For years, the team used HashiCorp Consul to back HashiCorp Vault as the storage that managed the access keys and secrets across a number of clouds. But managing them in tandem meant the team had to spend time and resources managing two separate platforms — maintaining the images, coordinating the operating systems, along with paying for the storage network traffic between them — which required double the effort.
“We always had multiple maintenance cycles to watch and any changes in one could impact the other, so we had to pull double duty to make sure they were working from the same data and configurations,” Menges explains. “Consolidating down to a single secrets management platform seemed ideal for streamlining our operations, improving our operating efficiency, while minimizing the possibility that one system could mistakenly and negatively impact the other and our overall critical service availability."
According to Menges, balancing version or feature releases with maintaining service availability depended heavily on his team’s ability to effectively manage as many as seven different instances of HashiCorp’s infrastructure-as-code solution, Terraform, as well as nearly a dozen Consul and Vault clusters.
“The sheer number of audit logs, dashboards, virtual machines, and configuration styles required for running two separate systems that realistically can function as one consumed a lot more of our time and budget than what we thought was necessary,” he says. “Ultimately, we decided that consolidating two systems into one could help us significantly reduce our operating costs while improving both productivity and overall platform performance.”
Reducing time spent on manual secrets management and service networking
Lowering operating costs and capital expenses
Consolidating infrastructure without sacrificing performance
From many, one
Following internal discussions, the Anaplan team determined that the simplest pinch point to address was its secrets management practices, aiming to consolidate secrets operations onto a single solution. The team evaluated a number of third-party solutions and even developed its own homegrown solution for secrets but chose HashiCorp Vault’s integrated storage for its cloud-native approach and how well it fit with Anaplan's overall platform strategy and direction.
With Vault integrated storage, Anaplan can access a range of features and capabilities that create an efficient, agile, and cost-effective model for managing mission-critical data. Now the information Anaplan had previously stored elsewhere is placed on Vault servers.
More importantly, Vault integrated storage eliminates the need to set-up, manage, and monitor a third-party storage system, minimizing the amount of manual configuration the team had to execute while providing better network performance by eliminating additional network hops.
Unlike other backend storage, Vault integrated storage writes updates to the disk which frees Vault's dataset from the limitations of the amount of RAM on the host. Since it doesn’t operate from a single source of data, the Vault solution instead replicates copies of its data across all the nodes in a Vault cluster via the Raft Consensus Algorithm. Though writing directly to disk is usually a slower process than saving it to an in-memory database, it also reduces the operational burden on Menges’s team by reducing the IT footprint and helping to lower infrastructure costs.
"Using Vault integrated storage has helped us reduce the number of different clusters we had to manage by nearly half and completely eliminated many of the frontend resources we used to commit to Vault,” says Menges. “More importantly, we’re spending almost 50% less time on deployments, maintaining the images, and coordinating operating systems because we’re no longer dedicating a team to manage separate platforms. All of those policies and deployments can be automated now with Terraform, freeing our team to focus on higher-value activities.”
Time is money
According to Menges, Vault integrated storage has been a transformative force for Anaplan’s business. “One of the biggest benefits of switching to Vault integrated storage is how many fewer resources we have to watch and manage. There are half as many audit logs, dashboards, VMs, and saved images from AWS or Google to contend with,” he says. “Everything we used to have to do twice with multiple systems can now be done just once with Vault integrated storage.”
Beyond reducing the time burden on his team, Menges says that the migration has also had important fiscal benefits to the team and company too. Specifically, it’s helped the company save as much as 30% on its per-instance costs, scale down its secrets management clusters from eight VMs to five VMs each, while also eliminating costly storage network traffic and the constant traffic exchanges between systems, potentially saving thousands of dollars per year on traffic costs alone.
Still, Menges says that while the time and cost savings have been huge accomplishments for the team and company at large, the existing relationship with HashiCorp is the key to long-term success and sustainable improvements.
“We’ve maintained a great relationship with HashiCorp, so we’re comfortable making feature requests and having regular candid discussions about what's possible versus what's recommended,” he notes. “Even though we adopted some features earlier than most, there’s always more to learn, more to consider, and more to do. It’s important to have a trustworthy partner to help figure it all out and continue to push us closer to our ideal business and operational state.”
Consolidated secrets and configurations management to a single platform
Eliminated up to half the team’s time spent managing data in two systems
Reduced audit logs, saved images from AWS or Google, VMs, and dashboards by 50%
Consolidated secrets management per cluster size going from 8 VMs to 5 each
Lowered overall instance costs by as much as 30%
Anaplan is using HashiCorp Vault integrated secrets storage for more efficient secrets and configuration management supporting the backend behind its rapidly expanding customer-facing platform.
Brian Menges Principal Engineer, Cloud Platform Anaplan
Brian Menges is the principal engineer, cloud platform, at Anaplan. He’s a seasoned DevOps professional with exceptional aptitude in designing great automation and motivating teams to achieve success. Menges is responsible for leading the department’s objectives, ensuring on-time delivery and good documentation/communication, as well as optimizing development environments through common DevOps practices. Prior to joining Anaplan, Menges spent more than a decade in various roles in DevOps, business application development, and systems administration.
- Infrastructure :
- Data Center, AWS, Google Cloud
- Container runtime :
- Docker, containers
- CI/CD :
- Jenkins, Harness
- Version control:
- HashiCorp Terraform
- Security management :
- HashiCorp Vault