Solutions Engineering Hangout: Vault High Availability & Disaster Recovery

Reliability engineering includes security infrastructure as well as the servers keeping your applications live. Vault secrets management services are a critical piece for securing many business' service-oriented architectures and automated data centers. Ensuring Vault services are highly available and never go down is a key architectural consideration for production workloads.

In this video, HashiCorp solutions engineer Vinnie Ramirez demonstrates a few scenarios that showcase the high availability (HA) mode within a Vault cluster and disaster recovery (DR) replication (a Vault Enterprise feature).

• HA mode protects against outages by running multiple Vault servers.
• Replication, a Vault Enterprise feature, can be used to provide performance, scalability, and DR among private, geographically distributed data centers.

What you'll learn

• How to use Vault and Consul interfaces for high availability
• How to use Vault Enterprise's DR replication features

Outline

00:00 — Introduction

03:19 — Demo: High availability & DR replication

27:30 — Q&A

Questions answered in this hangout

• Is High Availability (HA) an enterprise-only feature?
• Between primary Vault and performance clusters, can we write secrets to both clusters and replication happens both ways?
• Can we replicate and force DR to our local instance on-prem or to our AWS instance?
• Can you please share thoughts and concerns on running clusters of Vault and Consul on Kubernetes?
• I'd like to understand examples of real production concerns with running in orchestrators.
• Is there a reference architecture available for creating an enterprise cluster, including all the system requirements needed? I am looking at geo-replicated in Azure specifically.
• What technology can you recommend for me to run HA Vault on-premise, without using cloud? For now I’m trying to do so via multiple containers with Kubernetes.
• Is it possible to do HA without using Consul?

Slides