HashiConf Global Preview: Sessions for Cloud Platform Teams
As enterprise cloud strategies mature, “platform teams” have become a best practice. Platform teams build, run, and support infrastructure and backing services that are exposed to development teams as self-service offerings.
HashiConf Global (livestream Tuesday – Wednesday, October 19 – 20, and rebroadcast for the Asia/Pacific time zones on Wednesday – Thursday, October 20 – 21) is packed with sessions designed for platform teams. Here’s a preview of the relevant HashiConf talks grouped into popular cloud architecture pillars: Operational Excellence, Security, and Reliability.
»Operational Excellence
»Tide’s Self-Service Service Mesh With Consul
Wednesday, October 20, 12:30 p.m. ET
Tide Business Bank — a leading UK FinTech firm — tells its HashiCorp Consul adoption story. This talk is especially relevant for platform owners using Amazon Web Services (AWS). Jez Halford, Tide’s Head of Cloud Engineering, explains how Tide uses HCP Consul to wire up Amazon ECS and EC2, as well as ECS and AWS Fargate. Interestingly, the move to Consul came without downtime or a painful “big bang” migration. If you want greater networking automation across different AWS runtimes — and want to upgrade from your status quo — here’s your playbook.
»A Journey to Improving SLOs With HashiCorp Vault
Wednesday, October 20, 2:00 pm ET
Experienced cloud engineers tend to have a story or two about the expired certificate everyone forgot about. Good secrets management hygiene is essential to application — and platform — uptime and reliability. In this session, George Hantzaras, a cloud engineering leader at Citrix, explains how HashiCorp Vault improved service level objectives (SLOs) in the company’s observability infrastructure.
»Redeploying Stateless Systems in Lieu of Patching
Tuesday, October 19, 1:00 pm ET
Seasoned operators know that patching is a way of life. But does it have to be? Chris Manfre, a Senior DevOps Engineer at Petco, says “no.” In this talk, he describes a better approach to vulnerability mitigation: replace unpatched instances with new instances that feature updated templates. He explains how HashiCorp Packer and HashiCorp Terraform Enterprise can help you adopt this immutable infrastructure best practice.
»Security
»Vault for Secrets Management in Consul K8s
Tuesday, October 19, 12:30 pm ET
We’re all hearing a lot about zero trust security these days, and for good reason. It’s the modern approach to protecting critical systems and customer data. But what does implementing zero trust security really entail?
Here’s a starting point: modernize your infrastructure around the new control point for security: identity. This is what the most secure organizations have done in recent years. From there, platform teams can authenticate and authorize access for services and users alike. That sounds great, but how do you actually do that in the real world? This talk will give you a big part of the answer, especially if you’re a Kubernetes shop.
Kyle Schochenmaier, HashiCorp Senior Engineer on the Consul Ecosystem, and HashiCorp Senior Product Manager David Yu HashiCorp explain how to use Vault as the secrets management backend for Consul atop Kubernetes. They also explain how to rotate secrets in Consul on Kubernetes. Attend this talk, and you’ll be in a much stronger position to combine the protections from Vault (machine authN and authZ) with those from Consul (machine-to-machine access).
»Managing Target’s Secrets Platform
Tuesday, October 19, 1:30 p.m. ET
Every vertical industry has its own unique security challenges. Retailers around the world use HashiCorp’s tech to improve their security posture. This is a big job, and it requires constant vigilance from platform teams in this sector. Target — one of the largest retailers in the US with more than 1,900 locations — has an extraordinarily large attack surface to protect. Shane Petrich, a Target Lead Engineer, details how Target keeps its HashiCorp Vault deployment humming.
»Vault Roadmap
Tuesday, October 19, 2:00 p.m. PT
There’s a reason why Vault is the dominant secrets management solution for platform teams: it’s incredibly powerful and it continues to get even better. So what innovations do we have planned for Vault in the near future? Attend this session and hear the specifics from Darshant Bhagat, Product Head for Vault, and Naaman Newbold Vault Director of Engineering.
»Reliability
»Consul Use Cases At Stripe: Service Mesh and More
Tuesday, October 19, 1:30 p.m. PT
Interest in the service mesh pattern is surging. According to the HashiCorp State of Strategy Cloud survey, service mesh adoption is expected to grow 250% in the year ahead. If this is on your roadmap, who better to learn from than Stripe? After all, even a few seconds of downtime could cost the fintech giant millions. This company is on the cutting edge of modern networking, and there’s a lot to learn from its experience with Consul and Kubernetes.
Mark Guan and Ruoran Wang, Software Engineers at Stripe, reveal the details of their multi-region service networking tech stack. If this sounds like an impressive feat of engineering, it is. This duo gives you an inside look at their overall topology across various AWS accounts and regions, and how they federated multi-region clusters together.
»The Future of HCP Packer
Tuesday, October 20, 12:30 p.m. ET
Platform teams use Packer to create identical machine images for multiple clouds from a single source configuration. Meanwhile, these same teams use Terraform to deploy images. What if there was a way to bring these two technologies closer together? That’s the vision behind HCP Packer: bridge the image-management workflows between Packer and Terraform. This service was first announced at HashiConf Europe in June.
Megan Marsh, Packer’s Engineering Lead, will demonstrate the product and unveil exciting roadmap details. And don’t miss the hands-on lab for HCP Packer at 1:30 p.m. ET on Wednesday, October 20.
»Network Automation on Terraform Cloud With CTS
Wednesday, October 20, 1:30 p.m. PT
Ticketing systems are the enemy of the modern platform team. They served their purpose in years past; now we’re in the era of automation and self-service. Yet even the most determined enterprise likely has a few workflows that still depend on tickets. One stubborn scenario: requests for network configuration changes. Here, dev teams are ready to release new code to production, but the new code requires firewall policy updates or changes to the load balancer member pool.
This session focuses on Consul-Terraform-Sync (CTS), a new capability that automates this gap in your workflow. HashiCorp Senior Engineers Melissa Kam, and Kim Ngo show you how CTS introduces network infrastructure automation to Consul and integrates directly with Terraform Cloud. Attend this session and learn how CTS monitors changes to the L7 network layer, and subsequently uses Terraform to dynamically update infrastructure.
»Workday’s Multi-Cloud Network Fabric With Consul & Vault
Wednesday, October 20, 1:00 p.m. ET
The hallmark of a reliable distributed system is that it continues to behave as expected even as it changes rapidly. Workday’s platform team has supported rapid growth and innovation over the last few years. To handle this growth, it uses Consul and Vault as part of its critical infrastructure. Workday Principal Engineer Daniele Vazzola explains how his company uses HashiCorp’s tools to support deployments across multiple cloud providers and on-premises datacenters. He even digs into how this multi-cloud fabric empowers service teams to autonomously set up secure connections across datacenters between workloads running on heterogeneous platforms. Don’t miss it!
»Join Us for the Livestreams
These fantastic talks are only a small part of what you’ll experience at HashiConf Global, happening online Tuesday – Wednesday, October 19 – 20 (and rebroadcast for the Asia/Pacific time zones on Wednesday – Thursday, October 20 – 21). This year, in addition to the visionary keynote sessions and dozens of useful practitioner talks, we’ve added free hands-on labs. For platform teams, we recommend the labs: Vault as a Certificate Authority (CA) for Consul Connect and Create a Custom Provider With the Terraform Plugin Framework.
Register for HashiConf Global today — it’s fast and free.
Source: HashiCorp Blog