FAQ

How Do I Rightsize My Vault Cluster Count?

Published 8:00 AM UTC Jan 27, 2020

The answer will depend on how many datacenters you have and how much tolerance you have for latency issues.

Speakers

Transcript

“How Do I Rightsize My Vault Cluster Count?” This can be a difficult question to answer at first when you look at the very large datacenter accounts that you have for some of our clients. But there are a few key things to keep in mind.

First is the overall datacenters that you have. Second is, How much tolerance do I have for latency issues, or any kind of network segmentation that I might have between my various networks and between my various datacenters?

Performance issues influence cluster count

There's also some performance-type information that you have to answer as well. If you have low amounts of secrets that you're working with, you may be able to tolerate network segmentation or latency between various datacenters. But if you have high-throughput, very latency-sensitive applications, it's most likely that you're going to need some kind of Vault cluster in the datacenter that's supporting the applications that you're working with.

What we typically find within our clients is that they want to have their secrets management solutions as close to the data as possible. And if you have tertiary apps, or something that's located maybe on edge datacenters or something like that, you might be able to have a lesser cluster count.

In terms of optimization of the cluster sizes, it really comes down to the type of throughput that you're going to have with Vault. If you have very large read or write throughput inside of your datacenters, then of course you're going to want to have more of a high-availability setup, such that you're able to service the amount of read requests that ae coming through.

Vault is very sensitive to write requests as well. So if you have very heavy write throughputs, it may make sense for you to have better hardware and an HA solution that is able to service that.

If you have further questions about how to size your Vault architecture across your datacenters, feel free to reach out to us. Our solutions engineers are here with a spreadsheet to help you do appropriate sizing of your environments.

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources