Brave New World: Infrastructure Automation

Armon Dadgar
August 30, 2017

Infrastructure is being transformed by the pressure to deliver applications faster, adopt public clouds, and dramatically improve security. Together, these trends are forcing organizations to rethink their entire approach to application delivery. HashiCorp focuses on supporting the world's leading organizations through this transition to deliver applications in a multi-cloud world. In this talk, we discuss the necessary changes in how we provision core infrastructure, ensure application and data security, and deploy and manage our applications.

Transcript

  1. Copyright © 2017 HashiCorp
    Brave New World: Infrastructure Automation

  2. Armon Dadgar
    Founder and CTO
    @armon

  3. Provision, secure, connect, and run any infrastructure
    ▪ CONNECT: Infrastructure & applications
    ▪ RUN: Applications
    ▪ SECURE: Infrastructure & applications
    ▪ PROVISION: Infrastructure
    ▪ OSS tool suite (for individuals): Consul, Nomad, Terraform, Vault
    ▪ Product suite (for teams): Consul Enterprise, Nomad Enterprise, Vault Enterprise, Terraform Enterprise

  4. Market Trends

  5. Tractor Company or Software Company?

  6. Applications Front and Center
    ▪ Applications shifting from Back office to Front office
    ▪ Traditional Companies being Disrupted by Software
    ▪ Pressure to Deliver Applications Faster

  8. Public Clouds set Sail
    ▪ AWS, Azure, GCP, Oracle Cloud, IBM Cloud, Alibaba, Huawei
    ▪ Doing $XXB in revenue
    ▪ Growing at 100%+ YOY
    ▪ Avoid CapEx for new projects, enable experimentation
    ▪ Elastic capacity for scaling
    ▪ Outsource specialized know-how

  9. HVAC: Security Risk?

  10. Security is a Board topic
    ▪ Security has been elevated into a critical business risk
    ▪ Target compromised through an HVAC system
    ▪ Google compromised by splicing dark fiber
    ▪ Regulation changing the landscape (GDPR, CSL)

  11. Rethinking Entire Application Delivery Lifecycle

  12. Application Delivery Goals
    ▪ Natural Tension of Goals
    ▪ Deliver Applications Faster
    ▪ Reduce Complexity and Manage Risk
    ▪ Principles, Process, and Tools all matter

  13. Essential Application Delivery Steps
    ▪ CONNECT: Register and monitor the application and its components
    ▪ DEPLOY: Push the application into the environment
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ BUILD / TEST: Develop & test the application
    Layers: CONNECT (Infrastructure & applications), RUN (Applications), SECURE (Infrastructure & applications), PROVISION (Infrastructure)

  14. Essential Application Delivery Steps
    ▪ CONNECT: Register and monitor the application and its components
    ▪ DEPLOY: Push the application into the environment
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ PROVISION: Create core infrastructure to run applications
    ▪ PACKAGE: Create environment-appropriate version of the application
    ▪ BUILD / TEST: Develop & test the application
    Layers: CONNECT (Infrastructure & applications), RUN (Applications), SECURE (Infrastructure & applications), PROVISION (Infrastructure)

  16. Essential Application Delivery Steps
    ▪ CONNECT: Register and monitor the application and its components
    ▪ DEPLOY & RUN: Push the application into the environment
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ PROVISION: Create core infrastructure to run applications
    ▪ PACKAGE: Create environment-appropriate version of the application
    ▪ BUILD / TEST: Develop & test the application
    Layers: CONNECT (Infrastructure & applications), RUN (Applications), SECURE (Infrastructure & applications), PROVISION (Infrastructure)

  18. Provision
    Provision Any Infrastructure For Any Application
    Multi-Cloud Provisioning
    Operations
    Providing a common workflow to provision infrastructure and application resources across private cloud, public cloud, and external services.

  19. The shift to hybrid infrastructure
    [Diagram: traditional datacenter]

  20. The shift to hybrid infrastructure
    [Diagram: traditional datacenter; hybrid datacenter spanning AWS, Azure, GCP and private cloud]

  21. The shift to hybrid infrastructure
    [Diagram: traditional datacenter; hybrid datacenter spanning AWS, Azure, GCP and private cloud. Layers shown: Application Platform, Core Infrastructure, Security]

  22. The shift to hybrid infrastructure
    [Diagram: traditional datacenter; hybrid datacenter spanning AWS, Azure, GCP and private cloud. Layers shown: Application Platform, Core Infrastructure, Security]

  23. Provisioning Challenges
    ▪ Public Cloud is forcing Multi-Cloud Architecture
    ▪ Provisioning of Core Infrastructure is Heterogeneous
    ▪ API driven clouds, no API standardization
    ▪ Usage is Elastic
    ▪ Scale is orders of magnitude larger

  24. Next-Generation Provisioning
    ▪ Infrastructure as Code
    ▪ Versioning, Automation, Sharing, Modularity, Peer Review
    ▪ Point-and-Click does not scale, error prone
    ▪ Embrace Heterogeneity, Provide Common Workflows
    ▪ Extensibility Critical
    ▪ Incorporate new technologies without retooling

  25. Secure
    Secure Any Infrastructure For Any Application
    Application-Centric Security
    Security
    Centrally secure, store, and tightly control access to secrets across hybrid infrastructure and applications.

  27. Castle & Moat Security
    ▪ Networks were hard on the outside, soft on the inside
    ▪ Deployed network middleware at ingress/egress
    ▪ Physical networking constrained traffic flow
    ▪ Complex topologies very difficult to model and secure
    ▪ Applications assumed confidential and privileged network

  28. Next-Generation Security
    ▪ Assume “Zero Trust”, network is already compromised
    ▪ Application-Centric
    ▪ Authentication required on private networks
    ▪ Application to Application authorizations
    ▪ Data Encrypted in transit and at rest

  29. Run
    Run Any Application Across Any Infrastructure
    Self-Service Deployment
    Deployment
    Cluster managers and schedulers for self-service deployment and lifecycle management of applications on any infrastructure.

  30. Traditional Operations
    ▪ Operators coupled to Developers tightly (1:8)
    ▪ Low velocity of deployment
    ▪ Limited diversity of middleware
    ▪ Open Source gaining traction in Enterprise
    ▪ Specialized Middleware (Caches, NoSQL, Big Data, Messaging)
    ▪ Multi-Cloud Support

  31. The shift to hybrid infrastructure
    [Diagram: traditional datacenter; hybrid datacenter spanning AWS, Azure, GCP and private cloud. Layers shown: Application Platform, Core Infrastructure, Security]

  32. Next-Generation Deployment
    ▪ Empower Developers to Deploy, Decouple Operators
    ▪ Provide Higher Level Abstractions
    ▪ Support highly diverse applications and middleware
    ▪ Cluster Managers and Schedulers provide self-service, decoupling, higher density
    ▪ Nomad, Kubernetes, Mesos, etc.

  33. Connect
    Connect Any Application Across Any Infrastructure
    Enabling Services
    Service Catalog
    Service discovery, runtime configuration, and orchestration needed for micro service based applications to operate.

  34. Monolith Connectivity
    ▪ Monolithic applications
    ▪ Low churn
    ▪ Limited scale out
    ▪ Load balancers

  35. SOA strikes Back
    ▪ Service Oriented Architecture ~= Microservices
    ▪ N-Tier applications
    ▪ Public Cloud and Containers increasing churn
    ▪ Applications being updated more frequently
    ▪ 10-100x traditional scale

  36. Service Discovery
    ▪ Dynamic Service Catalog
    ▪ Services “Publish” availability
    ▪ Clients can “Discover” location services at runtime
    ▪ Handle high rate of change
    ▪ Route around failures
    ▪ Mix Mainframes, VMs, Containers, Serverless, etc.
    ▪ Network is the connectivity layer

  37. Next-Generation Connectivity
    ▪ Dynamic CMDB
    ▪ Service level abstraction
    ▪ Platform Agnostic (Public/Private Cloud, VM/Container)
    ▪ Resilient to Cloud reliability / Container churn
    ▪ Provides visibility into global state
    ▪ Enforce service level security policy

  38. Paradox of Automation

  40. Automation Challenges
    ▪ Automation enables a change to be repeatable and fast
    ▪ Gives developers and operators enormous leverage
    ▪ Does not imply every change is desirable!
    ▪ Physical world made mistakes more obvious
    ▪ Did you really mean to order 5000 servers?
    ▪ Did you really mean to rewire traffic around the firewall?

  41. Next-Generation Automation
    ▪ Infrastructure as Code
    ▪ Codified and Versioned Infrastructure
    ▪ Policy as Code
    ▪ Codified and Versioned Policies
    ▪ Policy ensures incremental changes are safe
    ▪ Prevent automation avalanche
    ▪ Automation with Guardrails!

  42. Thank you.
    [email protected]
    www.hashicorp.com
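
The guardrail idea from slides 40 and 41, sketched as an added example that is not part of the original deck or any HashiCorp product: versioned policy functions evaluate a proposed change set before automation applies it, and the two checks mirror the slide's "5000 servers" and "rewire traffic around the firewall" questions. The change-set shape, field names and the server limit are assumptions made for illustration.

```python
# Added example: policies are plain functions kept in version control and run
# against every proposed change before automation applies it.
# The change-set shape below is hypothetical, not any provisioning tool's format.
MAX_NEW_SERVERS = 50  # assumed per-change budget


def server_budget(plan):
    """Reject plans that create more servers than one change should."""
    total = sum(c.get("count", 1) for c in plan
                if c["action"] == "create" and c["type"] == "server")
    if total > MAX_NEW_SERVERS:
        return [f"creates {total} servers (limit {MAX_NEW_SERVERS})"]
    return []


def firewall_stays_in_path(plan):
    """Reject route changes that move traffic off the firewall hop."""
    found = []
    for c in plan:
        if c["type"] != "route" or c["action"] not in ("update", "delete"):
            continue
        before = (c.get("before") or {}).get("next_hop")
        after = (c.get("after") or {}).get("next_hop")  # None on delete
        if before == "firewall" and after != "firewall":
            found.append(f"route {c['name']}: next hop firewall -> {after}")
    return found


POLICIES = [server_budget, firewall_stays_in_path]


def evaluate(plan):
    """Return (allowed, violations); any violation blocks the apply step."""
    violations = [f"{p.__name__}: {msg}" for p in POLICIES for msg in p(plan)]
    return (not violations, violations)


# Constructed sample plans.
RISKY_PLAN = [
    {"action": "create", "type": "server", "name": "web", "count": 5000},
    {"action": "update", "type": "route", "name": "egress",
     "before": {"next_hop": "firewall"},
     "after": {"next_hop": "internet-gateway"}},
]
SAFE_PLAN = [
    {"action": "create", "type": "server", "name": "web", "count": 5},
    {"action": "update", "type": "route", "name": "egress",
     "before": {"next_hop": "firewall"}, "after": {"next_hop": "firewall"}},
]
```

In a pipeline, `evaluate` would sit between the plan and apply stages, with a denied plan failing the run and its violations logged for review.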