Brave New World: Infrastructure Automation

Armon Dadgar
August 30, 2017

Infrastructure is being transformed by the pressure to deliver applications faster, adopt public clouds, and dramatically improve security. Together, these trends are forcing organizations to rethink their entire approach to application delivery. HashiCorp focuses on supporting the world's leading organizations through this transition to deliver applications in a multi-cloud world. In this talk, we discuss the necessary changes in how we provision core infrastructure, ensure application and data security, and deploy and manage our applications.

Transcript

  1. Provision, secure, connect, and run any infrastructure

    Copyright © 2017 HashiCorp
    ▪ PROVISION: Infrastructure
    ▪ SECURE: Infrastructure & applications
    ▪ RUN: Applications
    ▪ CONNECT: Infrastructure & applications
    ▪ OSS TOOL SUITE (FOR INDIVIDUALS): Consul, Nomad, Terraform, Vault
    ▪ PRODUCT SUITE (FOR TEAMS): Consul Enterprise, Nomad Enterprise, Vault Enterprise, Terraform Enterprise
  2. Applications Front and Center

    ▪ Applications shifting from Back office to Front office
    ▪ Traditional Companies being Disrupted by Software
    ▪ Pressure to Deliver Applications Faster
  3. Public Clouds set Sail

    ▪ AWS, Azure, GCP, Oracle Cloud, IBM Cloud, Alibaba, Huawei
    ▪ Doing $XXB in revenue
    ▪ Growing at 100%+ YOY
    ▪ Avoid CapEx for new projects, enable experimentation
    ▪ Elastic capacity for scaling
    ▪ Outsource specialized know how
  4. Security is a Board topic

    ▪ Security has been elevated into a critical business risk
    ▪ Target compromised through an HVAC system
    ▪ Google compromised by splicing dark fiber
    ▪ Regulation changing the landscape (GDPR, CSL)
  5. Application Delivery Goals

    ▪ Natural Tension of Goals
    ▪ Deliver Applications Faster
    ▪ Reduce Complexity and Manage Risk
    ▪ Principles, Process, and Tools all matter
  6. Essential Application Delivery Steps

    ▪ Layers: PROVISION (Infrastructure), SECURE (Infrastructure & applications), RUN (Applications), CONNECT (Infrastructure & applications)
    ▪ BUILD / TEST: Develop & test the application
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ DEPLOY: Push the application into the environment
    ▪ CONNECT: Register and monitor the application and its components
  7. Essential Application Delivery Steps

    ▪ Layers: PROVISION (Infrastructure), SECURE (Infrastructure & applications), RUN (Applications), CONNECT (Infrastructure & applications)
    ▪ BUILD / TEST: Develop & test the application
    ▪ PACKAGE: Create environment-appropriate version of the application
    ▪ PROVISION: Create core infrastructure to run applications
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ DEPLOY: Push the application into the environment
    ▪ CONNECT: Register and monitor the application and its components
  9. Essential Application Delivery Steps

    ▪ Layers: PROVISION (Infrastructure), SECURE (Infrastructure & applications), RUN (Applications), CONNECT (Infrastructure & applications)
    ▪ BUILD / TEST: Develop & test the application
    ▪ PACKAGE: Create environment-appropriate version of the application
    ▪ PROVISION: Create core infrastructure to run applications
    ▪ SECURE: Secure distributed environment to which applications will be deployed
    ▪ DEPLOY & RUN: Push the application into the environment
    ▪ CONNECT: Register and monitor the application and its components
  11. Provision: Provision Any Infrastructure For Any Application

    ▪ Multi-Cloud Provisioning
    ▪ Operations
    ▪ Providing a common workflow to provision infrastructure and application resources across private cloud, public cloud, and external services.
  12. The shift to hybrid infrastructure

    [Diagram: TRADITIONAL DATACENTER]
  13. The shift to hybrid infrastructure

    [Diagram: TRADITIONAL DATACENTER; HYBRID DATACENTER (AWS, Azure, GCP, Private cloud)]
  14. The shift to hybrid infrastructure

    [Diagram: TRADITIONAL DATACENTER; HYBRID DATACENTER (AWS, Azure, GCP, Private cloud); layers: Application Platform, Core Infrastructure, Security]
  15. The shift to hybrid infrastructure

    [Diagram: TRADITIONAL DATACENTER; HYBRID DATACENTER (AWS, Azure, GCP, Private cloud); layers: Application Platform, Core Infrastructure, Security]
  16. Provisioning Challenges

    ▪ Public Cloud is forcing Multi-Cloud Architecture
    ▪ Provisioning of Core Infrastructure is Heterogeneous
    ▪ API driven clouds, no API standardization
    ▪ Usage is Elastic
    ▪ Scale is orders of magnitude larger
  17. Next-Generation Provisioning

    ▪ Infrastructure as Code
    ▪ Versioning, Automation, Sharing, Modularity, Peer Review
    ▪ Point-and-Click does not scale, error prone
    ▪ Embrace Heterogeneity, Provide Common Workflows
    ▪ Extensibility Critical
    ▪ Incorporate new technologies without retooling
  18. Secure: Secure Any Infrastructure For Any Application

    ▪ Application-Centric Security
    ▪ Security
    ▪ Centrally secure, store, and tightly control access to secrets across hybrid infrastructure and applications.
  19. Castle & Moat Security

    ▪ Networks were hard on the outside, soft on the inside
    ▪ Deployed network middleware at ingress/egress
    ▪ Physical networking constrained traffic flow
    ▪ Complex topologies very difficult to model and secure
    ▪ Applications assumed confidential and privileged network
  20. Next-Generation Security

    ▪ Assume “Zero Trust”, network is already compromised
    ▪ Application-Centric
    ▪ Authentication required on private networks
    ▪ Application to Application authorizations
    ▪ Data Encrypted in transit and at rest
  21. Run: Run Any Application Across Any Infrastructure

    ▪ Self-Service Deployment
    ▪ Deployment
    ▪ Cluster managers and schedulers for self-service deployment and lifecycle management of applications on any infrastructure.
  22. Traditional Operations

    ▪ Operators coupled to Developers tightly (1:8)
    ▪ Low velocity of deployment
    ▪ Limited diversity of middleware
    ▪ Open Source gaining traction in Enterprise
    ▪ Specialized Middleware (Caches, NoSQL, Big Data, Messaging)
    ▪ Multi-Cloud Support
  23. The shift to hybrid infrastructure

    [Diagram: TRADITIONAL DATACENTER; HYBRID DATACENTER (AWS, Azure, GCP, Private cloud); layers: Application Platform, Core Infrastructure, Security]
  24. Next-Generation Deployment

    ▪ Empower Developers to Deploy, Decouple Operators
    ▪ Provide Higher Level Abstractions
    ▪ Support highly diverse applications and middleware
    ▪ Cluster Managers and Schedulers provide self-service, decoupling, higher density
    ▪ Nomad, Kubernetes, Mesos, etc
  25. Connect: Connect Any Application Across Any Infrastructure

    ▪ Enabling Services
    ▪ Service Catalog
    ▪ Service discovery, runtime configuration, and orchestration needed for micro service based applications to operate.
  26. Monolith Connectivity

    ▪ Monolithic applications
    ▪ Low churn
    ▪ Limited scale out
    ▪ Load balancers
  27. SOA strikes Back

    ▪ Service Oriented Architecture ~= Microservices
    ▪ N-Tier applications
    ▪ Public Cloud and Containers increasing churn
    ▪ Applications being updated more frequently
    ▪ 10-100x traditional scale
  28. Service Discovery

    ▪ Dynamic Service Catalog
    ▪ Services “Publish” availability
    ▪ Clients can “Discover” location services at runtime
    ▪ Handle high rate of change
    ▪ Route around failures
    ▪ Mix Mainframes, VMs, Containers, Serverless, etc
    ▪ Network is the connectivity layer
  29. Next-Generation Connectivity

    ▪ Dynamic CMDB
    ▪ Service level abstraction
    ▪ Platform Agnostic (Public/Private Cloud, VM/Container)
    ▪ Resilient to Cloud reliability / Container churn
    ▪ Provides visibility into global state
    ▪ Enforce service level security policy
  30. Automation Challenges

    ▪ Automation enables a change to be repeatable and fast
    ▪ Gives developers and operators enormous leverage
    ▪ Does not imply every change is desirable!
    ▪ Physical world made mistakes more obvious
    ▪ Did you really mean to order 5000 servers?
    ▪ Did you really mean to rewire traffic around the firewall?
  31. Next-Generation Automation

    ▪ Infrastructure as Code
    ▪ Codified and Versioned Infrastructure
    ▪ Policy as Code
    ▪ Codified and Versioned Policies
    ▪ Policy ensures incremental changes are safe
    ▪ Prevent automation avalanche
    ▪ Automation with Guardrails!
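
The guardrail idea on the last two slides ("Did you really mean to order 5000 servers?", "rewire traffic around the firewall"), sketched as an added example that is not from the talk and is not Sentinel or any HashiCorp tool: a policy check run over a plan before it is applied. The plan is a constructed sample shaped like the `resource_changes` list of `terraform show -json`; the policy keys, limits and `evaluate` function are assumptions made for illustration.

```python
"""Policy-as-code guardrail over a Terraform-style JSON plan (added example)."""

# Constructed sample: 5000 new instances plus an edit to a route.
SAMPLE_PLAN = {
    "resource_changes": (
        [{"address": f"aws_instance.web[{i}]", "type": "aws_instance",
          "change": {"actions": ["create"]}} for i in range(5000)]
        + [{"address": "aws_route.default", "type": "aws_route",
            "change": {"actions": ["update"]}},
           {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
            "change": {"actions": ["no-op"]}}]
    )
}

# Hypothetical policy; it is versioned and peer reviewed like the infrastructure code.
POLICY = {
    "max_creates_per_type": {"aws_instance": 50},
    "default_max_creates": 200,
    # Resource types that shape traffic flow: any change needs explicit approval.
    "protected_types": {"aws_route", "aws_route_table",
                        "aws_security_group", "aws_network_acl"},
}


def evaluate(plan, policy, approved=frozenset()):
    """Return a sorted list of violations; an empty list means the plan may apply."""
    violations, creates = [], {}
    for rc in plan.get("resource_changes", []):
        # Ignore entries that do not modify anything.
        actions = set(rc["change"]["actions"]) - {"no-op", "read"}
        if not actions:
            continue
        if "create" in actions:
            creates[rc["type"]] = creates.get(rc["type"], 0) + 1
        if rc["type"] in policy["protected_types"] and rc["address"] not in approved:
            violations.append(f"{rc['address']}: change to protected type "
                              f"{rc['type']} requires approval")
    for rtype, count in creates.items():
        limit = policy["max_creates_per_type"].get(
            rtype, policy["default_max_creates"])
        if count > limit:
            violations.append(f"{rtype}: {count} creates exceeds limit of {limit}")
    return sorted(violations)


if __name__ == "__main__":
    for violation in evaluate(SAMPLE_PLAN, POLICY):
        print("DENY", violation)
```

Run as a pipeline step between plan and apply, a non-empty result blocks the change; the `approved` set stands in for whatever review record an organization uses to sign off changes to protected resources.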