HashiConf Digital 2020 Recap and Announcements

HashiConf Digital 2020

There have been plenty of exciting announcements from this year’s HashiConf digital conferences, including the introduction of the HashiCorp Cloud Platform (HCP) and the announcements during HashiConf Digital 2020 of Consul for AWS and Vault for AWS. Another notable announcement from the most recent HashiConf Digital event is Consul Terraform Sync (Tech Preview), which enables self-service network automation capabilities. Last but not least, two new products were added: HashiCorp Boundary, which provides a zero-trust access solution for the cloud, and HashiCorp Waypoint, which is used for building, deploying, and releasing.

Consul Terraform Sync (Tech Preview)

Consul, Consul Terraform Sync, and the underlying network infrastructure devices

Consul Terraform Sync is a tool that enables network automation with self-service capabilities for teams. This allows organizations to streamline their process of creating new networking resources for cloud teams and facilitates rapid, secure development of cloud infrastructure. It also reduces the number of manual approval processes common throughout enterprises. Consul Terraform Sync works by using compatible Terraform modules that leverage the existing Terraform provider ecosystem. For more information, read the announcement here.

HashiCorp Boundary

Access Hosts and Services Across Clouds with HashiCorp Boundary

Similar to Google Cloud’s BeyondCorp, HashiCorp Boundary is a new open-source project that cloud security practitioners and operators can employ to enable zero trust security patterns. Zero trust security products help enforce the principle of least privilege by restricting access to sensitive systems even if an identity was previously authenticated.

Boundary differs from typical zero trust security offerings by enabling first-class integration with other HashiCorp products such as Consul Service Mesh and Vault Secrets Manager. Boundary authenticates, then authorizes each request by associating users to services and hosts at the application layer. In the process, a user establishes a TCP connection through a Boundary worker node, which acts as a proxy. This simplifies the onboarding and management of identities throughout an organization and is a far cry from traditional VPN or SSH bastion hosts. In this respect, Boundary acts similarly to Identity-Aware Proxy (IAP) on GCP. New features such as additional application (Layer 7) connection protocols, OIDC authentication, authorization methods, and dynamic target discovery are worth watching for in the near future for this product. For more information, read the announcement here.

HashiCorp Waypoint

Workflows with HashiCorp Waypoint

Having a robust build, deployment, and release process is essential for workloads running securely in the cloud. Waypoint helps with this by providing a way to develop a modern workflow for deployments on a variety of platforms including Amazon EC2, HashiCorp Nomad, Google Cloud Run, and Kubernetes. Waypoint comes with logging/auditing features, live execution of commands in applications, publicly-accessible preview URLs for deployments, a Web UI to monitor projects, and integrations with CI/CD systems using an extensible plugin interface. For more information, read the announcement here.

Consul on the HashiCorp Cloud Platform (Public Beta)

HashiCorp Consul on the HashiCorp Cloud Platform (HCP)

HashiCorp Consul for HCP was announced, enabling a fully managed, easy-to-deploy service mesh for Amazon EKS, ECS, and EC2 applications. Along with a walkthrough for setting up Consul on the HashiCorp Virtual Network (HVN), the HCP portal supports an access control feature, meaning that identities can be set up with granular privileges to the Consul service mesh. Support for other clouds has been mentioned as an eventuality in the announcement. For more information, read the announcement here.

Vault on the HashiCorp Cloud Platform (Private Beta)

Comparison of AWS Secrets Managers: Operationally, Vault price varies on implementation

One drawback of HashiCorp Vault, outlined in our comparison of secrets managers articles for GCP and AWS, is the operational overhead associated with deploying it. Before this announcement, it was up to cloud practitioners and operators to deploy Vault (which can be performed via an AWS or GCP Terraform Module, Helm chart on Kubernetes, etc.) and be responsible for the maintenance of Vault (updating, scaling, backups, etc.). With Vault for HCP, Vault is fully managed, with deployment and maintenance taken care of by HashiCorp. Pricing for this private beta has not been announced, and this platform is only available for deployment on HashiCorp’s Virtual Network (HVN) on AWS (but can be used for multiple clouds). Deployment for other clouds is in the plans for this product. For more information, read the announcement here.

About ScaleSec

ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond.
