HashiCorp Extends Service Mesh Capabilities With Major Update to Consul

New Consul Connect Feature Enables Secure Service-to-Service Connectivity Across Dynamic, Low-Trust Networks


AMSTERDAM and SAN FRANCISCO, June 26, 2018 (GLOBE NEWSWIRE) -- Today onstage at HashiDays Amsterdam, HashiCorp, a leader in cloud infrastructure automation, announced major new functionality for HashiCorp Consul, an open source service mesh to connect, secure, and configure services in dynamic, low-trust network environments. The new capability, called Consul Connect, now enables users to efficiently secure service-to-service communications for containerized and non-containerized services in cloud or on-premises environments. First released in 2014, Consul already runs on more than 5 million machines worldwide.

Modern application architectures embrace public clouds, microservices, and container schedulers like Kubernetes and HashiCorp Nomad. The previous static application architectures featured dedicated servers, long-lived IP addresses, and a clear network perimeter. The new approach brings complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and a low-trust network environment. These dynamic environments require a service mesh that allows users to discover, configure, and connect services across their on-premises and cloud-based fleet.

A service mesh provides a highly available, distributed solution to three critical problems:

  • Discovery: Services must be able to find and communicate with each other.
  • Configuration: Services must accept dynamic, runtime configuration from a central source.
  • Segmentation: Service communication must be secured through authorization and encryption.

Prior to this release, Consul solved the discovery and configuration use cases with DNS for discovery and Key/Value for configuration. The Consul Connect feature now solves the segmentation use case. All three of these features work together to provide a complete service mesh solution that works on any platform.

“Microservices have introduced a critical new set of challenges for service-to-service traffic: how services find each other, how they are configured without being redeployed, and how to limit connectivity between them for security purposes,” said Armon Dadgar, founder and co-CTO of HashiCorp. “Consul has been used for years as a service discovery and service configuration tool. Now with Consul Connect, Consul rounds out its capabilities as a true service mesh and addresses that third challenge. Consul now significantly simplifies the way that you enforce service connectivity, enabling you to replace what can be many thousands of IP-based firewall rules with a few service-based intentions. By solving security challenges at the service layer, we simplify our network requirements and make it easy for networking and security teams to manage, while removing a bottleneck for developers to adopt cloud.”

“At jet.com, HashiCorp Consul helps us discover services that are connected across multiple cloud regions,” said Andrew Duch, DevOps technology lead for jet.com. “We believe the addition of the new Consul Connect capability will allow us to improve security by enabling us to easily introduce access policies between our microservices. We believe that by providing identities and access at the services level, Consul will help us streamline and scale persistent security, despite the constant changes that come as part of our continuous development and integration process.”

The new Consul Connect capability enables service segmentation, which isolates traffic between services through identity-based authorization. It assigns each service a unique identity using Transport Layer Security (TLS) certificates. Consul uses a set of simple rules to describe which services are allowed to communicate directly and then secures that communication with mutual TLS. Consul enforces security at the service level, rather than relying on the underlying network. Consul Connect decouples policy from IP addresses, ensuring consistent security policies are always applied as services are scaled and deployed dynamically.

Traditional approaches to network security require a tight coupling of firewalls, load balancers, and software-defined networks, adding operational complexity. Consul’s approach allows developers to deploy new services quickly and securely without waiting for the manual update of network security policies, and it also frees IT teams from dealing with complex network topologies and from managing short-lived firewall rules.

The components of Consul Connect that enable service segmentation include:

  • Service Access Graph
    Define and enforce service-to-service communication with a simple Intentions configuration. Service-based rules, instead of IP-based rules, make it easy to manage dynamic infrastructure with frequently changing IPs.
  • Secure Services Across any Runtime Platform
    Secure communication between legacy and modern workloads. Sidecar proxies allow applications to be integrated without code changes, and Layer 4 support provides nearly universal protocol compatibility. Native integration allows throughput- or latency-sensitive applications to avoid any performance penalty.
  • Certificate-Based Service Identity
    TLS certificates are used to identify services and secure communications. Consul can be a certificate authority to simplify deployment or integrate with external signing authorities like HashiCorp Vault.
  • Encrypted Communication
    All traffic between services is encrypted and authenticated with mutual TLS. Using TLS provides a strong guarantee of the identity of services communicating, and ensures all data in transit is encrypted.

Availability
The public beta of the HashiCorp Consul Connect capabilities is available today as part of the Consul 1.2 open source release. Users can download the open source version of Consul at https://www.consul.io. HashiCorp Consul addresses three primary use cases for IT practitioners: service discovery, service segmentation, and service configuration. Information about Consul Enterprise is available at https://www.hashicorp.com/products/consul.

About HashiCorp
HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

Media and Analyst Contact:

Amber Rowland

amber@therowlandagency.com
+1-650-814-4560