Pro Yearly is on sale from $80 to $50! »

Brave New World: Infrastructure Automation

11ba9630c9136eef9a70d26473d355d5?s=47 Armon Dadgar
August 30, 2017
540

Brave New World: Infrastructure Automation

Infrastructure is being transformed by the pressure to deliver applications faster, adopt public clouds, and dramatically improve security. Together, these trends are forcing organizations to rethink their entire approach on application delivery. HashiCorp focuses on supporting the worlds leading organizations through this transition to deliver applications in a multi-cloud world. In this talk, we discuss the necessary changes in how we provision core infrastructure, ensure application and data security, and deploy and manage our applications.

11ba9630c9136eef9a70d26473d355d5?s=128

Armon Dadgar

August 30, 2017
Tweet

Transcript

  1. Copyright © 2017 HashiCorp Brave New World:
 Infrastructure Automation

  2. Armon Dadgar Founder and CTO @armon

  3. Copyright © 2017 HashiCorp CONNECT Infrastructure & applications RUN SECURE

    PROVISION Applications Infrastructure & applications Infrastructure OSS TOOL SUITE PRODUCT SUITE Consul Nomad Terraform Vault Consul Enterprise Nomad Enterprise Vault Enterprise Terraform Enterprise FOR TEAMS FOR INDIVIDUALS Provision, secure, connect, and run any infrastructure 3 Copyright © 2017 HashiCorp
  4. Copyright © 2017 HashiCorp Market Trends

  5. Tractor Company or Software Company?

  6. Copyright © 2017 HashiCorp ▪ Applications shifting from Back office

    to Front office ▪ Traditional Companies being Disrupted by Software ▪ Pressure to Deliver Applications Faster Applications Front and Center 6
  7. None
  8. Copyright © 2017 HashiCorp ▪ AWS, Azure, GCP, Oracle Cloud,

    IBM Cloud, Alibaba, Huawei ▪ Doing $XXB in revenue ▪ Growing at 100%+ YOY ▪ Avoid CapEx for new projects, enable experimentation ▪ Elastic capacity for scaling ▪ Outsource specialized know how Public Clouds set Sail 8
  9. HVAC: Security Risk?

  10. Copyright © 2017 HashiCorp ▪ Security has been elevated into

    a critical business risk ▪ Target compromised through an HVAC system ▪ Google compromised by splicing dark fiber ▪ Regulation changing the landscape (GDPR, CSL) Security is a Board topic 10
  11. s Copyright © 2017 HashiCorp 11 Rethinking Entire Application Delivery

    Lifecycle
  12. Copyright © 2017 HashiCorp ▪ Natural Tension of Goals ▪

    Deliver Applications Faster ▪ Reduce Complexity and Manage Risk ▪ Principles, Process, and Tools all matter Application Delivery Goals 12
  13. Copyright © 2017 HashiCorp Essential Application Delivery Steps 13 CONNECT

    RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Develop & test the application CONNECT DEPLOY SECURE BUILD / TEST
  14. Copyright © 2017 HashiCorp 14 CONNECT RUN SECURE PROVISION Infrastructure

    & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps
  15. Copyright © 2017 HashiCorp 15 CONNECT RUN SECURE PROVISION Infrastructure

    & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps
  16. Copyright © 2017 HashiCorp 16 CONNECT RUN SECURE PROVISION Infrastructure

    & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY & RUN SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps
  17. Copyright © 2017 HashiCorp 17 CONNECT RUN SECURE PROVISION Infrastructure

    & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY & RUN SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps
  18. Copyright © 2017 HashiCorp Provision 18 Providing a common workflow

    to provision infrastructure and application resources across private cloud, public cloud, and external services. Multi-Cloud Provisioning Operations Provision Any Infrastructure For Any Application Copyright © 2017 HashiCorp
  19. Copyright © 2017 HashiCorp The shift to hybrid infrastructure 19

    TRADITIONAL
 DATACENTER TRADITIONAL
 DATACENTER
  20. Copyright © 2017 HashiCorp The shift to hybrid infrastructure 20

    AWS Azure GCP Private cloud HYBRID DATACENTER TRADITIONAL
 DATACENTER TRADITIONAL
 DATACENTER
  21. Copyright © 2017 HashiCorp The shift to hybrid infrastructure 21

    AWS Azure GCP Private cloud Application Platform Core Infrastructure Security HYBRID DATACENTER TRADITIONAL
 DATACENTER
  22. Copyright © 2017 HashiCorp 22 AWS Azure GCP Private cloud

    HYBRID DATACENTER TRADITIONAL
 DATACENTER The shift to hybrid infrastructure Application Platform Core Infrastructure Security
  23. Copyright © 2017 HashiCorp ▪ Public Cloud is forcing Multi-Cloud

    Architecture ▪ Provisioning of Core Infrastructure is Heterogenous ▪ API driven clouds, no API standardization ▪ Usage is Elastic ▪ Scale is orders of magnitude larger Provisioning Challenges 23
  24. Copyright © 2017 HashiCorp ▪ Infrastructure as Code ▪ Versioning,

    Automation, Sharing, Modularity, Peer Review ▪ Point-and-Click does not scale, error prone ▪ Embrace Heterogeneity, Provide Common Workflows ▪ Extensibility Critical ▪ Incorporate new technologies without retooling Next-Generation Provisioning 24
  25. Copyright © 2017 HashiCorp Secure 25 Centrally secure, store, and

    tightly control access to secrets across hybrid infrastructure and applications. Application-Centric Security Security Secure Any Infrastructure For Any Application Copyright © 2017 HashiCorp
  26. None
  27. Copyright © 2017 HashiCorp ▪ Networks were hard on the

    outside, soft on the inside ▪ Deployed network middleware at ingress/egress ▪ Physical networking constrained traffic flow ▪ Complex topologies very difficult to model and secure ▪ Applications assumed confidential and privileged network Castle & Moat Security 27
  28. Copyright © 2017 HashiCorp ▪ Assume “Zero Trust”, network is

    already compromised ▪ Application-Centric ▪ Authentication required on private networks ▪ Application to Application authorizations ▪ Data Encrypted in transit and at rest Next-Generation Security 28
  29. Copyright © 2017 HashiCorp Run 29 Cluster managers and schedulers

    for self-service deployment and lifecycle management of applications on any infrastructure. Self-Service Deployment Deployment Run Any Application Across Any Infrastructure Copyright © 2017 HashiCorp
  30. Copyright © 2017 HashiCorp ▪ Operators coupled to Developers tightly

    (1:8) ▪ Low velocity of deployment ▪ Limited diversity of middleware ▪ Open Source gaining traction in Enterprise ▪ Specialized Middleware (Caches, NoSQL, Big Data, Messaging) ▪ Multi-Cloud Support Traditional Operations 30
  31. Copyright © 2017 HashiCorp 31 AWS Azure GCP Private cloud

    HYBRID DATACENTER TRADITIONAL
 DATACENTER The shift to hybrid infrastructure Application Platform Core Infrastructure Security
  32. Copyright © 2017 HashiCorp ▪ Empower Developers to Deploy, Decouple

    Operators ▪ Provide Higher Level Abstractions ▪ Support highly diverse applications and middleware ▪ Cluster Managers and Schedulers provide self-service, decoupling, higher density ▪ Nomad, Kubernetes, Mesos, etc Next-Generation Deployment 32
  33. Copyright © 2017 HashiCorp Connect 33 Service discovery, runtime configuration,

    and orchestration needed for micro service based applications to operate. Enabling Services Service Catalog Connect Any Application Across Any Infrastructure Copyright © 2017 HashiCorp
  34. Copyright © 2017 HashiCorp ▪ Monolithic applications ▪ Low churn

    ▪ Limited scale out ▪ Load balancers Monolith Connectivity 34
  35. Copyright © 2017 HashiCorp ▪ Service Oriented Architecture ~= Microservices

    ▪ N-Tier applications ▪ Public Cloud and Containers increasing churn ▪ Applications being updated more frequently ▪ 10-100x traditional scale SOA strikes Back 35
  36. Copyright © 2017 HashiCorp ▪ Dynamic Service Catalog ▪ Services

    “Publish” availability ▪ Clients can “Discover” location services at runtime ▪ Handle high rate of change ▪ Route around failures ▪ Mix Mainframes, VMs, Containers, Serverless, etc ▪ Network is the connectivity layer Service Discovery 36
  37. Copyright © 2017 HashiCorp ▪ Dynamic CMDB ▪ Service level

    abstraction ▪ Platform Agnostic (Public/Private Cloud, VM/Container) ▪ Resilient to Cloud reliability / Container churn ▪ Provides visibility into global state ▪ Enforce service level security policy Next-Generation Connectivity 37
  38. s Copyright © 2017 HashiCorp 38 Paradox of Automation

  39. None
  40. Copyright © 2017 HashiCorp ▪ Automation enables a change to

    be repeatable and fast ▪ Gives developers and operators enormous leverage ▪ Does not imply every change is desirable! ▪ Physical world made mistakes more obvious ▪ Did you really mean to order 5000 servers? ▪ Did you really mean to rewire traffic around the firewall? Automation Challenges 40
  41. Copyright © 2017 HashiCorp ▪ Infrastructure as Code ▪ Codified

    and Versioned Infrastructure ▪ Policy as Code ▪ Codified and Versioned Policies ▪ Policy ensures incremental changes are safe ▪ Prevent automation avalanche ▪ Automation with Guardrails! Next-Generation Automation 41
  42. Thank you. hello@hashicorp.com www.hashicorp.com