What is HashiCorp Consul?
Author: John 'JJ' Jarvis
Release Date: 24/01/2024
Consul is a service networking solution. But what do we mean by that?
Well, when we’re talking about what HashiCorp calls the Cloud Operating Model, we have to change our approach on many fronts. If there is still a ticketing system of some sort between your operations and networking teams, for example, your competitors will leave you in the dust: your timeline for new services will be orders of magnitude longer than theirs. The alternative is to throw open the doors and lose any real grasp of your business’s security posture and resiliency.
So we know we need to think beyond walls and tins for a while, and this is where service-based networking comes in: identity-based networking and, through it, unlocking the speed of cloud.
Security isn’t based on IP addresses or accounts, nor on familiar patterns of work or ‘secret backdoors’ (i.e., security through obscurity), but rather on a cryptographically assured identity, verified by your organisation’s identity provider of choice (e.g., LDAP, your cloud provider platform, your single sign-on platform, etc.).
This is a baseline for those looking to compete in the time of the Cloud Operating Model.
A Modern Service Networking Solution
In case it isn’t clear by this point, Consul fulfils many different roles across many organisations. A modern service networking solution requires that we answer four specific questions: Where are my services running? How do I secure the communication between them? How do I automate routine networking tasks? How do I control access to my environments?
1. Where are my services running?
Discover services with Consul: create a central registry that tracks services, updates, and health statuses in real time.
2. How do I secure the communication between them?
Secure networking with Consul: ensure all service-to-service communication is authenticated, authorised, and encrypted.
3. How do I automate routine networking tasks?
Automate networking with Consul-Terraform-Sync: reduce the operator burden by automating key networking tasks.
4. How do I control access to my environments?
Access services with Consul: control access to services at the point of entry and centralise traffic management.
Common Use Cases
• Use DNS or an HTTP API to discover registered services, including those running on Kubernetes, and their locations with Consul.
• Control access to services - Control access to services running within a Consul service mesh with the API Gateway.
• Dynamic load balancing - Automate manual networking tasks and reduce ticket queues as a bonus.
• Automated networking tasks - Provision apps faster. Automate complex networking tasks. Separate concerns so operators can easily manage and optimise networking.
• mTLS encryption - Authenticate with mTLS and encrypt connections between services.
• Multi-platform service mesh - Consul service mesh can deploy in any environment and supports multiple runtimes, including Kubernetes, Nomad, and VMs.
• Observability - Visualise service mesh topology with Consul’s built-in UI or one of the included APM integrations.
• L7 traffic management - Implement fine-grained traffic policies for routing and splitting traffic across services.
Finally, for those who need to get up and running as a priority, Consul is available, on both AWS and Azure, as part of the HashiCorp Cloud Platform (HCP). Get push-button deployments that are ready to work, with HashiCorp experts keeping the cluster(s) in top form. And, at the other end of the spectrum, for those whose risk profile and/or regulatory framework demand more, there is Consul Enterprise, for self-hosting and designed to handle the traffic loads of large-scale organisations with enterprise-grade resilience.