TechTalk Accelerating Multicloud Adoption with HashiCorp
If your enterprise operates within a multicloud environment, innovative solutions can simplify how you manage and secure your clouds.
By Insight Editor / 27 Aug 2020 / Topics: Cloud DevOps
Running workloads across multiple clouds doesn’t have to increase the complexity of your IT environment. Digital Innovation Solution Architects Dave Benedic, Kevin Booth and Elliott Nichols discuss how HashiCorp tools centralize governance of multicloud environments.
Audio transcript:
Published August 26, 2020
[Music]
DAVE
Hey guys. Welcome. So, let's talk about some multi-cloud with the HashiCorp suite of tools.
KEVIN
Let’s do it.
DAVE
With me I have Kevin, Elliott and I'm Dave. Do you guys want to do intros or you just wanna get into it? Have a little conversation?
ELLIOTT
Yeah, let's do it real quick. I'm Elliott Nichols. I'm one of the Solution Architects with Insight.
KEVIN
Kevin Booth, Solution Architect with Insight.
DAVE
Dave Benedic, Solution Architect with Insight. Wow. That's quite a diverse group we've got here. All right. So, let's talk a little bit about this. So, our clients are looking to go multi-cloud, right? What's that?
ELLIOTT
Maybe they weren't, but they found themselves in that position.
DAVE
All right. Well expand on that. What does that mean?
ELLIOTT
Oh, that means by way of acquisition or splinter business units, they may have found themselves in a multi-cloud setup, whether they liked it or not.
DAVE
So, commonly, I think people might be confused. Multi-cloud with, Oh, I'm gonna take one application. I'm gonna spread it out across three clouds. Is that what we're talking about here?
ELLIOTT
Yeah. I mean, it can be, but I think, for the most part enterprises just stumble their way into multi-cloud solutions, they didn't necessarily plan it. Those that did probably have very good reasons and probably have the talent to be able to, to maintain safely deploy solutions like that. I'd say the majority of our larger enterprise customers, just by one way or another, have found themselves in the position of being able or of having to support multiple clouds.
KEVIN
And that can vary, like the solution or the reasons to go multi-cloud might vary, whether it's a best of breed solutions, maybe one cloud does big data a lot better. And it's just an all around better solution just for that piece. So, they might use clients might use that just for that. And then another cloud that's better at one other thing. Or maybe all you need is just storage for disaster recovery or something like that. You know, that puts you into a multi-cloud scenario that you need to manage now. Multiple clouds.
DAVE
Yeah. That makes sense. So, when it comes to that management, I mean, where do we see our clients maybe stumble a little bit? Where are the challenges?
KEVIN
Well, they're all different. They all have their idiosyncrasies and everyone has to learn that. Oftentimes clients will assign different teams to manage different clouds. And what we really want as practitioners is some, some layer of insulation there, something that lets us reuse and repurpose different, maybe code or maybe ideas, or maybe, you know, thought processes to the other clouds so that we don't have to restaff every cloud or have special skillsets. And that's where HashiCorp tools really shine for us.
DAVE
Right. Right. So, we're taking, we're kind of abstracting away. The cloud is just a commodity, right? We don't really care.
KEVIN
Yeah.
DAVE
Except in certain cases maybe where there's a feature or availability that we want, but we don't really care. We just need to program something or have a common workflow. Right? So, you mentioned HashiCorp. Let's, let's expand on that. This is about HashiCorp. So, what the heck is HashiCorp? Who is HashiCorp? Why do I care?
KEVIN
Basically, they have something called the cloud operating model. And as we've, we've never had a name for it, we've been employing it. We've been doing that. It's all coming to this, this situation with all these multiple clouds where everything's becoming a commodity. So, the cloud operating model has a connect, run, provision, secure. And they have a tool purpose-built for each layer of the cloud operating model. So, if we were to develop skillsets to apply to the cloud operating model, we can take those workloads in those different things with us and apply them to multiple clouds much easier. If that makes sense.
DAVE
Yeah, no, that does. So, Elliott, the bottom layer of this cloud operating model that Kevin touched on is this provision layer. Where does HashiCorp fit in, in the provision layer? What do they offer?
ELLIOTT
Yeah. Terraform is their provisioning tool. What it does is it extracts, you know, the, all the different cloud deployment, custom deployment processes into kind of a single configuration language that allows you to do and to start code, to not only deploy, but to manage and reconfigure those assets over their life cycle.
DAVE
So, I think one of the common misconceptions in that provision layer is, I write in Terraform, give me a VM. And then I point it at a cloud, but that's not really what happens.
ELLIOTT
No, not at all. I mean, you, you share the same underlying configuration language, but each of the cloud resources has their own specification on what attributes are supported when you configure that particular resource. So, you know, that misconception is pretty common. People want to just declare a VM as code and say, you know, go give it to me. And in all these other clouds with one block of code, and that's really just not reality 'cause all of the different cloud providers just have different, you know, configuration options available to them that are not necessarily equal across the board.
DAVE
But the Terraform's really, we're getting a lot of demand for Terraform. So, it must offer something, right? Like what is it, what is it giving me when it comes to multi-cloud that I'm, that I'm not getting with maybe the cloud native tools Kevin?
KEVIN
That was not just the multi-cloud scenario, why we're seeing so much interest in Terraform. I would say it's the repeatability and what it offers. That's more unique compared to the cloud native automation tooling like ARM templates or CloudFormation or GCP deployments. (Kevin clears throat) Terraform has a concept of state, which doesn't exist in those, those other three cloud native deployments. The state can be reconciled against your code and what exists in the cloud, telling you what's gonna change ahead of time. So, that makes me a lot more comfortable when I say, gonna change 120 virtual machines out in production to 1200 or something like that…
ELLIOTT
You know what, throw those ARM templates over the wall and crossing your fingers and hope and pray. Is that what you want?
KEVIN
Well right – if I forget a couple of zeros and I put that 1200 down to one or two or 12, you know, I'm in trouble. But I would see that with Terraform. I would see that ahead of time, like, Ooh man, whoops. So, we use our pipelines.
DAVE
So, that's an example of a common workflow that we're seeing across whatever I'm pointing it at. Right? So, if it's any of the major public clouds, or even potentially some of my own private clouds or hybrid clouds, right. Same workflow.
KEVIN
It's sustainable. And it works again to Elliott's point about the HashiCorp configuration language. That's in the public cloud space, we would have to learn each one of those tool sets. In the Terraform case, we just need to learn Terraform. And then the back-end cloud, in the first case, we have to learn both.
DAVE
Right. And I guess that would help when it comes to sort of breaking down those silos and those communities of practice that all the good things you want in those empowered and high performing DevOps teams.
KEVIN
Yeah, definitely.
DAVE
So, moving up the cloud operating model stack here, we just talked about the provision layer. So, the next layer's the secure layer. Talk to me about what that means, Elliott, in light of sort of how, you know, we're used to doing security, we build a castle with a moat around it. We can pull up the drawbridge and keep the bad guys out. Right? So, what does this secure layer look like in the modern data center?
ELLIOTT
Yeah, I think with the, you know, when you go back to the cloud operating model, you go from, you know, IP based services to services that are really identified, not by their IP necessarily, but by their identity. So, you need to be able to track that identity and have services be able to securely connect to each other. That's all traced back to that identity. Whether it's a service or user interacting with the different systems in one cloud or another, Vault gives you that capability of kind of keeping all of your secret data safe and available synchronized between clouds. And it's really that single source of truth for all things that are secret: passwords, certificates, keys. You can put any data you want in there. If you just, if you wanna encrypt an entire file or JSON block, you can shove it into, into keep up, learn to evolve.
KEVIN
Yeah. Right. Yeah. It's very powerful. Like has a myriad of authentication mechanisms. So, we aren't just tied to access that single source of truth information just by a username and password. For example, we can tie into a million different things, whether there's SSH authentication, username and password be one of them, Azure Active Directory identity, anything token based. You know, the ways to access that data or integrate into just about any workflow that you need. So, that makes it a lot simpler.
DAVE
So, it was my single source of truth for secrets, and I can authenticate it to it with an identity that I can back with anything essentially.
ELLIOTT
Right. Whether a user or even a system, you can have that single identity inside of Vault.
DAVE
Great. Alright. So, that's our secure layer. So, moving up again, we're going to the connect layer. Tell me a little bit about that, Elliott.
ELLIOTT
Yeah. This is the product that HashiCorp has in this space is, is Consul. It really glues all of your services together and allows you to discover services between not just a single cloud but multiple clouds. You, you can have your services come online and register in Consul, and then they can easily discover themselves inside that same cluster or inside the same region inside the same cloud or multi cloud. In addition, they've recently offered some of the, the service segmentation and intentions-based networking that you'd find with like a service discovery. And I, you know, all those, those, those tools around service meshes that are out there today, Consul just gives you that very, just a much simpler tool to say, you know, to connect a service to service and do that.
DAVE
So, it's a nice evolution from, from IP based and DNS solutions. And then the top layer here on the cloud operating model is that run layer. So, Kevin, tell me a little bit about Nomad.
KEVIN
Nomad is a workload scheduling and orchestration management tool. I really like it 'cause it's lightweight and simplistic compared to some of the other orchestration tools out there, whether I'm running containers. And this is with Nomad, whether I'm running containers or not, maybe some monolithic executables for applications. I don't even need to containerize. I can still run it through Nomad. So, if I have something…
ELLIOTT
Is that why you'd choose it over like a Kubernetes, for example? That you can run other workloads, other containers. I mean.
KEVIN
Potentially. One of the other nice things about Nomad is extremely tight integration with Vault and Consul. So, if you already have those products and run those products on those nodes or in that other cluster, then it automatically registers and you get all the coolness with that. Like your services running within Nomad will automatically register in Consul. So that maybe another cloud could consume them just by name, you know, things like that, which is awesome.
DAVE
That's very powerful. So, that those are the four layers that Hashi identifies in the cloud operating model. And I guess we'd be at risk not to talk about Sentinel, which is their policy as code. It's sort of the thread that weaves through the four layers of the cloud operating model, right? That's how we can govern across multiple clouds with a single implementation of policy as code which is super powerful. Well, I guess that's all the time we have. So, to wrap up. HashiCorp helps us operate multi-cloud or accelerate our multi-cloud adoption through common workflows and a common interface, to multiple public clouds and hybrid clouds.
[Music]