Secure Routing and Traffic Management with Ambassador and HashiCorp Consul

May 20, 2019

Learn about the routing and secure end-to-end communication capabilities of Consul Connect and Ambassador and how to use them in your network architecture.


  • Daniel Bryant

    Daniel Bryant

    Product Architect, Datawire
  • Nic Jackson

    Nic Jackson

    Developer Advocate, HashiCorp

One of the key steps in any digital transformation or migration from "heritage" infrastructures and monolithic architectures to modern hybrid cloud infrastructures and microservice architectures, is the process of decoupling apps from their infrastructure: incrementally and securely.

"Securely" is a crucial pillar of this transition, because according to Gemalto's Breach Level Index about 98% of the records compromised in data breaches are unencrypted on some level. There are multiple ways you need to harden your modern systems against PII theft:

  • Secure your data at rest
  • Harden your compute
  • Secure your data in transit (i.e. your communications)

This webinar, hosted by HashiCorp developer advocate Nic Jackson and Datawire product architect Daniel Bryant, will focus on locking down your communications with some elegant encryption methods. Two tools that can help manage network traffic securely in modern environments and service-based architectures are Ambassador and HashiCorp Consul. Ambassador is an API gateway (or Edge gateway) that handles north-south "ingress" traffic. Consul is a service discovery registry and service mesh control plane that manages and secures east-west, service-to-service traffic.

» Outline

0:00 — Introduction to Consul, Ambassador, and modern security challenges & solutions

23:25 — Demo: Securing traffic between services with Consul Connect and Ambassador

38:30 — Conclusion and extra content

47:04 — Q&A

» Q&A

  • You mention moving towards the proposed architecture step-by-step. What would be the right place to start? How does the 'hybrid' situation work until you are in the pure service-based separation?

  • Consul used Envoy for the proxy. Why not have the proxy built into Consul? Is Envoy the standard?

» Slides

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now