Secure Routing and Traffic Management with Ambassador and HashiCorp Consul

One of the key steps in any digital transformation or migration from "heritage" infrastructures and monolithic architectures to modern hybrid cloud infrastructures and microservice architectures, is the process of decoupling apps from their infrastructure: incrementally and securely.

"Securely" is a crucial pillar of this transition, because according to Gemalto's Breach Level Index about 98% of the records compromised in data breaches are unencrypted on some level. There are multiple ways you need to harden your modern systems against PII theft:

• Secure your data at rest
• Harden your compute
• Secure your data in transit (i.e. your communications)

This webinar, hosted by HashiCorp developer advocate Nic Jackson and Datawire product architect Daniel Bryant, will focus on locking down your communications with some elegant encryption methods. Two tools that can help manage network traffic securely in modern environments and service-based architectures are Ambassador and HashiCorp Consul. Ambassador is an API gateway (or Edge gateway) that handles north-south "ingress" traffic. Consul is a service discovery registry and service mesh control plane that manages and secures east-west, service-to-service traffic.

Outline

0:00 — Introduction to Consul, Ambassador, and modern security challenges & solutions

23:25 — Demo: Securing traffic between services with Consul Connect and Ambassador

38:30 — Conclusion and extra content

47:04 — Q&A

Q&A

• You mention moving towards the proposed architecture step-by-step. What would be the right place to start? How does the 'hybrid' situation work until you are in the pure service-based separation?

• Consul used Envoy for the proxy. Why not have the proxy built into Consul? Is Envoy the standard?

Slides