Keynote: HashiCorp Consul Service on Azure

Watch Mitchell Hashimoto unveil HashiCorp Consul Service (HCS) on Azure, the first fully managed service mesh.

Adopting a service discovery or service mesh approach to networking your application microservices can be a challenge. HashiCorp Consul Service (HCS) on Azure makes setting up these approaches seamless, with minimal operational overhead.

As the first fully managed service mesh, HCS allows operators to just focus on applications and workloads while connecting microservices is done securely by HCS. The system works through Azure identity and billing systems, providing an Azure-native user experience.

In this keynote segment, Mitchell Hashimoto will demo HCS, which is currently in private beta.



We can see the importance that networking plays in this multi-everything, multi-platform adoption, and the critical functionality that Consul provides.

It's very important that Consul is as easy to adopt as possible. The Consul core team has been doing really good work every single release to make that easier. If you look back at the past few releases, we've made securing by default easier, we've made introducing ACLs easier, we've made upgrades a little bit easier.

Introducing HashiCorp Consul Service on Azure

Little by little we've made things easier, but we always wanted to do more, and so we went to the drawing board, and it's like, "What can we do to make Consul easier to adopt?" An obvious answer stood out, which is, "We could run it for you."

So today, I'm excited to announce the HashiCorp Consul Service on Azure. HSC on Azure is the easiest way to launch and integrate service discovery and service mesh. It is Consul as a service, and it is also the first fully managed service mesh as a service.

As a service, you get the features you would expect. We provision Consul clusters for you automatically, we handle backup and restore, we handle upgrades, we handle scale up and scale down. All of this is consumption-based pricing, time-based pricing; it's not a big up-front commitment.

By integrating very deeply with Azure, we're able to keep Azure native identity and billing. With this release, you don't need to sign up with us; you can use an Azure identity, and our costs show up on your first-class Azure bill, and are billed directly through however you pay Azure.

All of this is HashiCorp-managed, so when you create a Consul cluster, when a backup is necessary, when we perform an upgrade, all of that control plane work is handled through software that's built and run by us.

It runs in our datacenters, or cloud datacenters, the software's run by our engineers, etc. We've hired and built out a HashiCorp SRE team that is handling the management of all the customer clusters. But all the while we've partnered with Microsoft to deeply integrate, from sales to technical implementation.

Here’s a diagram of how this works. You would find the HCS application, and you would ask us to create it. That comes back to our software, and we handle the creation, and the creation of the cluster shows up in your account in a managed group. We have access to modify the resources just in that group, but by putting it into your account you could easily do VNet peering, or handle any way to get access to those Consul clusters.

It's way easier to see it with a demo, so I'm going to show you a video of what this looks like. What we're going to start with is the page you would see after hitting Create Consul Cluster.

You'll notice this is right in the Azure portal. It feels just like a first-class system directly in Azure.

This is the first thing you see. One of the first things is selecting the region. We are supporting, right away at launch, every single public Azure region.

You would select your resource group that you want to launch this in. You could create a new one, which is what we're going to do here, an empty resource group to launch all the Consul resources into. Then you hit Next, and you're presented with a bunch of Consul settings.

You could name your cluster, name the logical datacenter, choose the Consul version you want to deploy, determine your backup and upgrade behavior. Do you want automatic upgrades? Do you want manual upgrades? What interval do you want us to take snapshots in? There's a number of options here that you could choose.

You go ahead and choose them, hit Next, we validate the configuration for you, and then once it's valid, you could hit Create. That initiates a deployment, which we'll click into here. The deployment takes a few minutes; we fast forward it in the video.

Soon you'll see an HCS instance show up right here, and then very shortly after that, that'll become clickable. When you click into that HCS instance, you land on an "HCS on Azure" dedicated page, and you'll see in the sidebar a bunch of Consul-specific things.

The first one we look at is the Consul clusters list, this list for all the clusters you have. You can add more, you can see metadata about a diversion, and so on. If you select the cluster, you could do a bunch of manual steps, such as manually forcing a snapshot or manually performing an upgrade.

And then in the left-hand side, you'll see a link to the UI as well. So we click that, and when you click the UI, it loads the Consul UI directly in the Azure portal.

This is a lot fancier than it looks, because what we're doing here is, when we deploy a Consul cluster, we deploy everything secured by default. TLS is fully set up, ACLs are fully set up, gossip encryption is all there.

When you load this UI you'll notice that there's no token entry required or anything. Since we integrate deeply with Azure, when you click that button, we're able to use your Azure identity to prove that you have access to the Consul UI, and log you right in. So you get access directly there.

You could also choose optionally to put the UI on an external endpoint if you want to handle access yourself, or you could keep it private and only access it through the Azure portal.

That is everything about Consul. HCS on Azure is available in private beta today. If you'd like to get access to it, please get in touch with us, and you could look at to learn more.

More resources like this one

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 12/13/2022
  • White Paper

A Field Guide to Zero Trust Security in the Public Sector

  • 12/5/2022
  • Case Study

Enabling infrastructure as code at LinkedIn

  • 11/30/2022
  • Case Study

How Weyerhaeuser automates secrets with Vault and Terraform