SlideShare a Scribd company logo

HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"

Download as PPTX, PDF
Daniel Bryant, profile picture
Daniel Bryant

The document discusses the integration of Ambassador and Consul for secure routing and traffic management in application modernization. It highlights the importance of decoupling apps and infrastructure, managing north-south and east-west traffic, and addressing security concerns related to data in motion. It concludes that an integrated solution using Ambassador and Consul can bridge legacy applications with modern practices, ensuring secure communication and operational efficiency.

Technology
Related topics:
API Gateway
1 of 38
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Copyright © 2019 HashiCorp Secure Routing and Traffic Management with Ambassador and Consul Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
tl;dr ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ Ambassador handles north-south “ingress” traffic ▪ Consul handles east-west “service-to-service” traffic ▪ Ambassador + Consul bridge legacy apps to the new world – Dynamic routing, TLS, and other cross-cutting concerns
Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
So, we don’t want to scare you, but...
So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"
We’re assuming that you have secured your data at rest… ...and hardened compute
But what about data in motion? Are your comms vulnerable?
And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"
https://www.rgoarchitects.com/Files/fallacies.pdf
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"
Ambassador + Consul
API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (via multiple domains) ▪ Encapsulates backends (k8s, VMs, bare metal etc) ▪ TLS termination (enforcing minimum TLS version) ▪ End-user authentication/authorization ▪ Rate limiting (DDoS protection, etc)
Service Mesh: Proxy mesh, Fabric model... ▪ Exposes internal services to internal consumers ▪ Encapsulates service infra (across k8s, VMs, bare metal etc) ▪ mTLS: service identity and traffic encryption ▪ ACLs and intentions: who can do what, and to whom ▪ Implements cross-functional concerns (out-of-process)
Exploring end-to-end communication
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"
© 2019 HashiCorp 23 Bypass the perimeter by attacking services
© 2019 HashiCorp 24 We need internal network isolation
© 2019 HashiCorp 25 Network segmentation
© 2019 HashiCorp 26 Service segmentation
© 2019 HashiCorp 27 Problem: Dynamic environments...
© 2019 HashiCorp 28 Network / Service segmentation with intention-based security
Ambassador + Consul: end-to-end solution
Exploring end-to-end communication
https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control planes and data planes Data plane Control plane
Control planes: Differing use cases ▪ North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg ▪ East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
Ambassador + Consul
Copyright © 2019 HashiCorp Demo
Ambassador + Consul
Conclusion ▪ Whether greenfield or part of app modernisation... – Decoupling apps and infrastructure is key – We need to do this incrementally and securely ▪ Handling north-south/east-west traffic requires different control planes – But an integrated solution is required (mind the gap!) ▪ Ambassador + Consul bridge legacy apps to the new world – Dynamic routing, mTLS, segmentation, cross-cutting concerns
Copyright © 2019 HashiCorp Questions?
Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk

More Related Content

PDF
Cloud Identity: A Recipe for Higher Education
Mike Schwartz
 
PPTX
Tech talk
madelineblake
 
PDF
Anonymity, trust, accountability
Eleanor McHugh
 
PPTX
Cryotocurrency & blockchain
Amr Salah
 
PDF
Netrix Services Profile
Mike Lombardo
 
PPTX
Aljosja Beije - Deliver: Frictionless trade
Vincent Everts
 
PPTX
Blockchain Introduction
Ayham Madi
 
PPTX
Cybersecurity aspects of blockchain and cryptocurrency
Tony Martin-Vegue
 
Cloud Identity: A Recipe for Higher Education
Mike Schwartz
 
Tech talk
madelineblake
 
Anonymity, trust, accountability
Eleanor McHugh
 
Cryotocurrency & blockchain
Amr Salah
 
Netrix Services Profile
Mike Lombardo
 
Aljosja Beije - Deliver: Frictionless trade
Vincent Everts
 
Blockchain Introduction
Ayham Madi
 
Cybersecurity aspects of blockchain and cryptocurrency
Tony Martin-Vegue
 

What's hot (19)

PDF
Blockchain and financial industry transformation
Ali Moghadam
 
PDF
Blockchains : Risk or Mitigation?
ITU
 
PPTX
Digital Credentials Enabling Mobility and Verification of Educational Achieve...
Brandon Muramatsu
 
PDF
EthCC 2018 : Ethereum Decentralized Digital Identity Trust Services
adetante
 
PDF
EthCC 2018 - Decentralized Digital Identity on Ethereum
Fabrice Croiseaux
 
PPTX
Practical Challenges for Public Blockchains
Johannes Ahlmann
 
PDF
Regulatory & Legal Aspects of Distributed Ledger Technology
ITU
 
PPTX
Data protection by design and by default on the blockchain
Alexandra Giannopoulou
 
PDF
Crypto Coinference 2018 - Make Blockchain mainstream, but without the hype: ...
Crypto Coinference
 
PPTX
Presentation1
RakeshSaran5
 
PPTX
Blockchain Training
Jiya Verma
 
PPTX
Hire blockchain developer
Saratechnology
 
PDF
Key Modules for a trsuted and privacy preserving personal data marketplace
Big Data Value Association
 
PDF
DTU HTS 2017 - some take aways...
Lars Krag Kongsgaard
 
PDF
GDPR and Data Ethics considerations in personal data sharing
Big Data Value Association
 
PDF
FIWARE Global Summit - Publishing Context Information as Right-time Open Data
FIWARE
 
PPTX
Dublin Blockchain Group
AWH
 
PDF
FIWARE Global Summit - Using IoT to Enhance the Standard of the Life of Citizens
FIWARE
 
PPTX
E-commerce security using asymmetric key algorithm
gauravv7536
 
Blockchain and financial industry transformation
Ali Moghadam
 
Blockchains : Risk or Mitigation?
ITU
 
Digital Credentials Enabling Mobility and Verification of Educational Achieve...
Brandon Muramatsu
 
EthCC 2018 : Ethereum Decentralized Digital Identity Trust Services
adetante
 
EthCC 2018 - Decentralized Digital Identity on Ethereum
Fabrice Croiseaux
 
Practical Challenges for Public Blockchains
Johannes Ahlmann
 
Regulatory & Legal Aspects of Distributed Ledger Technology
ITU
 
Data protection by design and by default on the blockchain
Alexandra Giannopoulou
 
Crypto Coinference 2018 - Make Blockchain mainstream, but without the hype: ...
Crypto Coinference
 
Presentation1
RakeshSaran5
 
Blockchain Training
Jiya Verma
 
Hire blockchain developer
Saratechnology
 
Key Modules for a trsuted and privacy preserving personal data marketplace
Big Data Value Association
 
DTU HTS 2017 - some take aways...
Lars Krag Kongsgaard
 
GDPR and Data Ethics considerations in personal data sharing
Big Data Value Association
 
FIWARE Global Summit - Publishing Context Information as Right-time Open Data
FIWARE
 
Dublin Blockchain Group
AWH
 
FIWARE Global Summit - Using IoT to Enhance the Standard of the Life of Citizens
FIWARE
 
E-commerce security using asymmetric key algorithm
gauravv7536
 
Ad

Similar to HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul" (20)

PPTX
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
Daniel Bryant
 
PPTX
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
Daniel Bryant
 
PPTX
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
Daniel Bryant
 
PPTX
KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"
Daniel Bryant
 
PDF
Unlocking the Cloud Operating Model: Networking in Multi-Cloud
Mitchell Pronschinske
 
PPTX
Role of edge gateways in relation to service mesh adoption
Christian Posta
 
PDF
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
PPTX
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Mitchell Pronschinske
 
PDF
ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
Daniel Bryant
 
PPTX
Kloia AWS IBM Hashicorp Day Presentation
kloia
 
PPTX
Hashicorp Corporate Pitch Deck Stenio_v2
Stenio Ferreira
 
PDF
SophiaConf 2018 - D. Benque (Amadeus)
TelecomValley
 
PDF
xConf-2022-api-gateway-service-mesh.pdf
Wesley Reisz
 
PDF
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
Ambassador Labs
 
PDF
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
CA API Management
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
PDF
cloud security lecture abcedfghigklmnopqrstucvbnm,
arfaouisalim
 
PPTX
JAX London 2019 "Cloud Native Communication: Using an API Gateway and Service...
Daniel Bryant
 
PPTX
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
Daniel Bryant
 
PPTX
F5 and HashiCorp Multi-Cloud
abenyeung1
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
Daniel Bryant
 
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
Daniel Bryant
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
Daniel Bryant
 
KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"
Daniel Bryant
 
Unlocking the Cloud Operating Model: Networking in Multi-Cloud
Mitchell Pronschinske
 
Role of edge gateways in relation to service mesh adoption
Christian Posta
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Mitchell Pronschinske
 
ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
Daniel Bryant
 
Kloia AWS IBM Hashicorp Day Presentation
kloia
 
Hashicorp Corporate Pitch Deck Stenio_v2
Stenio Ferreira
 
SophiaConf 2018 - D. Benque (Amadeus)
TelecomValley
 
xConf-2022-api-gateway-service-mesh.pdf
Wesley Reisz
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
Ambassador Labs
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
CA API Management
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
cloud security lecture abcedfghigklmnopqrstucvbnm,
arfaouisalim
 
JAX London 2019 "Cloud Native Communication: Using an API Gateway and Service...
Daniel Bryant
 
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
Daniel Bryant
 
F5 and HashiCorp Multi-Cloud
abenyeung1
 
Ad

More from Daniel Bryant (20)

PDF
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
Daniel Bryant
 
PDF
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
Daniel Bryant
 
PDF
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Daniel Bryant
 
PPTX
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
Daniel Bryant
 
PDF
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Daniel Bryant
 
PDF
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Daniel Bryant
 
PDF
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
Daniel Bryant
 
PDF
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
Daniel Bryant
 
PDF
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
Daniel Bryant
 
PDF
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
Daniel Bryant
 
PDF
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Daniel Bryant
 
PDF
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
Daniel Bryant
 
PDF
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
Daniel Bryant
 
PDF
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Daniel Bryant
 
PDF
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Daniel Bryant
 
PDF
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
Daniel Bryant
 
PDF
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
Daniel Bryant
 
PDF
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
Daniel Bryant
 
PPTX
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
Daniel Bryant
 
PDF
Ambassador Fest: "Kubernetes Workflow 101: The Big Picture of Idea to an API ...
Daniel Bryant
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
Daniel Bryant
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
Daniel Bryant
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Daniel Bryant
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
Daniel Bryant
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Daniel Bryant
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Daniel Bryant
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
Daniel Bryant
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
Daniel Bryant
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
Daniel Bryant
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
Daniel Bryant
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Daniel Bryant
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
Daniel Bryant
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
Daniel Bryant
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Daniel Bryant
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Daniel Bryant
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
Daniel Bryant
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
Daniel Bryant
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
Daniel Bryant
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
Daniel Bryant
 
Ambassador Fest: "Kubernetes Workflow 101: The Big Picture of Idea to an API ...
Daniel Bryant
 

Recently uploaded (20)

PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
A Presentation on Artificial Intelligence
memembruh336
 
Approach and Philosophy of On baking technology
30anthuong17
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Cloud computing and distributed systems.
kkkkkhan
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 

HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Consul"

  • 1. Copyright © 2019 HashiCorp Secure Routing and Traffic Management with Ambassador and Consul Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
  • 2. tl;dr ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ Ambassador handles north-south “ingress” traffic ▪ Consul handles east-west “service-to-service” traffic ▪ Ambassador + Consul bridge legacy apps to the new world – Dynamic routing, TLS, and other cross-cutting concerns
  • 3. Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
  • 4. So, we don’t want to scare you, but...
  • 5. So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
  • 6. So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
  • 7. So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
  • 8. So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
  • 9. So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
  • 10. So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
  • 12. We’re assuming that you have secured your data at rest… ...and hardened compute
  • 13. But what about data in motion? Are your comms vulnerable?
  • 14. And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
  • 19. API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (via multiple domains) ▪ Encapsulates backends (k8s, VMs, bare metal etc) ▪ TLS termination (enforcing minimum TLS version) ▪ End-user authentication/authorization ▪ Rate limiting (DDoS protection, etc)
  • 20. Service Mesh: Proxy mesh, Fabric model... ▪ Exposes internal services to internal consumers ▪ Encapsulates service infra (across k8s, VMs, bare metal etc) ▪ mTLS: service identity and traffic encryption ▪ ACLs and intentions: who can do what, and to whom ▪ Implements cross-functional concerns (out-of-process)
  • 23. © 2019 HashiCorp 23 Bypass the perimeter by attacking services
  • 24. © 2019 HashiCorp 24 We need internal network isolation
  • 25. © 2019 HashiCorp 25 Network segmentation
  • 26. © 2019 HashiCorp 26 Service segmentation
  • 27. © 2019 HashiCorp 27 Problem: Dynamic environments...
  • 28. © 2019 HashiCorp 28 Network / Service segmentation with intention-based security
  • 29. Ambassador + Consul: end-to-end solution
  • 32. Control planes: Differing use cases ▪ North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg ▪ East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
  • 34. Copyright © 2019 HashiCorp Demo
  • 36. Conclusion ▪ Whether greenfield or part of app modernisation... – Decoupling apps and infrastructure is key – We need to do this incrementally and securely ▪ Handling north-south/east-west traffic requires different control planes – But an integrated solution is required (mind the gap!) ▪ Ambassador + Consul bridge legacy apps to the new world – Dynamic routing, mTLS, segmentation, cross-cutting concerns
  • 37. Copyright © 2019 HashiCorp Questions?
  • 38. Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk