SE Hangout

Securing Multi-Region Applications with Consul Connect

Learn how Consul Connect fits into the multi-region traffic failover scenario, providing secured traffic throughout the failover.

Speakers

  • Ehron Gwinn
    Ehron GwinnStaff Solutions Engineer, HashiCorp

Update: Consul has even more multi-region capabilities in Consul 1.7 and Consul 1.8. Be sure to check them out!

When companies start using the public cloud, it's not long before they're putting their applications in multiple regions, which adds some network management complexity to the equation.

HashiCorp Consul, makes multi-datacenter networking much easier. Consul is built for multi-datacenter usage right out of the box. It has prepared queries to have pre-planned automation for any multi-region failovers. And the Consul Connect service mesh ensures that you maintain secure communications between apps during those failovers.

In this webinar, HashiCorp solutions engineer Ehron Gwinn will cover:

  • How to implement Service Mesh principles in a legacy environment
  • How to implement transparent, regional failover using Prepared Queries
  • How to encrypt and secure inter-service communications in an application-agnostic way

A short demo will show you how you can start integrating these practices into your environment.

Outline

0:00 — Introduction to service networking, service discovery, and service mesh

13:23 — Demo: Routing and securing traffic between services with Consul

27:08 — Q&A

Q&A

  • Can I use Consul Connect if I am not using a service mesh? I would like to have data in transit within a datacenter to be encrypted.
  • Why can’t Consul use the Connect CA to generate and distribute certificates for server and clients?
  • How does Consul observability work?
  • Does Consol Connect work only with http(s) applications? I have services that are not TCP/UDP. Does Connect support that?
  • Are there other proxy options other than Envoy?
  • Are the traces being captured by the sidecar proxy and being sent to the tracing infrastructure?
  • Are there different levels of permissions within Consul for who can control intentions?
  • How does Consul route traffic if there are multiple instances of the same service running?
  • How does Consul know if a service should get a valid certificate?
  • What is the latency effect of routing traffic through proxies?
  • Will Consul have more features for Service Mesh in the Enterprise version in the future?

Slides

More resources like this one

  • 3/15/2023
  • Case Study

Using Consul Dataplane on Kubernetes to implement service mesh at an Adfinis client

  • 1/20/2023
  • FAQ

Introduction to Zero Trust Security

  • 1/4/2023
  • Presentation

A New Architecture for Simplified Service Mesh Deployments in Consul

  • 12/31/2022
  • Presentation

Canary Deployments with Consul Service Mesh on K8s