Copyright © 2017 HashiCorp Brave New World:
 Infrastructure Automation

Armon Dadgar Founder and CTO @armon

Copyright © 2017 HashiCorp CONNECT Infrastructure & applications RUN SECURE PROVISION Applications Infrastructure & applications Infrastructure OSS TOOL SUITE PRODUCT SUITE Consul Nomad Terraform Vault Consul Enterprise Nomad Enterprise Vault Enterprise Terraform Enterprise FOR TEAMS FOR INDIVIDUALS Provision, secure, connect, and run any infrastructure 3 Copyright © 2017 HashiCorp

Copyright © 2017 HashiCorp Market Trends

Tractor Company or Software Company?

Copyright © 2017 HashiCorp ▪ Applications shifting from Back office to Front office ▪ Traditional Companies being Disrupted by Software ▪ Pressure to Deliver Applications Faster Applications Front and Center 6

No content

Copyright © 2017 HashiCorp ▪ AWS, Azure, GCP, Oracle Cloud, IBM Cloud, Alibaba, Huawei ▪ Doing $XXB in revenue ▪ Growing at 100%+ YOY ▪ Avoid CapEx for new projects, enable experimentation ▪ Elastic capacity for scaling ▪ Outsource specialized know how Public Clouds set Sail 8

HVAC: Security Risk?

Copyright © 2017 HashiCorp ▪ Security has been elevated into a critical business risk ▪ Target compromised through an HVAC system ▪ Google compromised by splicing dark fiber ▪ Regulation changing the landscape (GDPR, CSL) Security is a Board topic 10

s Copyright © 2017 HashiCorp 11 Rethinking Entire Application Delivery Lifecycle

Copyright © 2017 HashiCorp ▪ Natural Tension of Goals ▪ Deliver Applications Faster ▪ Reduce Complexity and Manage Risk ▪ Principles, Process, and Tools all matter Application Delivery Goals 12

Copyright © 2017 HashiCorp Essential Application Delivery Steps 13 CONNECT RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Develop & test the application CONNECT DEPLOY SECURE BUILD / TEST

Copyright © 2017 HashiCorp 14 CONNECT RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps

Copyright © 2017 HashiCorp 15 CONNECT RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps

Copyright © 2017 HashiCorp 16 CONNECT RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY & RUN SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps

Copyright © 2017 HashiCorp 17 CONNECT RUN SECURE PROVISION Infrastructure & applications Applications Infrastructure & applications Infrastructure Register and monitor the application and its components Push the application into the environment Secure distributed environment to which applications will be deployed Create core infrastructure to run applications Create environment-appropriate version of the application Develop & test the application CONNECT DEPLOY & RUN SECURE PROVISION PACKAGE BUILD / TEST Essential Application Delivery Steps

Copyright © 2017 HashiCorp Provision 18 Providing a common workflow to provision infrastructure and application resources across private cloud, public cloud, and external services. Multi-Cloud Provisioning Operations Provision Any Infrastructure For Any Application Copyright © 2017 HashiCorp

Copyright © 2017 HashiCorp The shift to hybrid infrastructure 19 TRADITIONAL
 DATACENTER TRADITIONAL
 DATACENTER

Copyright © 2017 HashiCorp The shift to hybrid infrastructure 20 AWS Azure GCP Private cloud HYBRID DATACENTER TRADITIONAL
 DATACENTER TRADITIONAL
 DATACENTER

Copyright © 2017 HashiCorp The shift to hybrid infrastructure 21 AWS Azure GCP Private cloud Application Platform Core Infrastructure Security HYBRID DATACENTER TRADITIONAL
 DATACENTER

Copyright © 2017 HashiCorp 22 AWS Azure GCP Private cloud HYBRID DATACENTER TRADITIONAL
 DATACENTER The shift to hybrid infrastructure Application Platform Core Infrastructure Security

Copyright © 2017 HashiCorp ▪ Public Cloud is forcing Multi-Cloud Architecture ▪ Provisioning of Core Infrastructure is Heterogenous ▪ API driven clouds, no API standardization ▪ Usage is Elastic ▪ Scale is orders of magnitude larger Provisioning Challenges 23

Copyright © 2017 HashiCorp ▪ Infrastructure as Code ▪ Versioning, Automation, Sharing, Modularity, Peer Review ▪ Point-and-Click does not scale, error prone ▪ Embrace Heterogeneity, Provide Common Workflows ▪ Extensibility Critical ▪ Incorporate new technologies without retooling Next-Generation Provisioning 24

Copyright © 2017 HashiCorp Secure 25 Centrally secure, store, and tightly control access to secrets across hybrid infrastructure and applications. Application-Centric Security Security Secure Any Infrastructure For Any Application Copyright © 2017 HashiCorp

No content

Copyright © 2017 HashiCorp ▪ Networks were hard on the outside, soft on the inside ▪ Deployed network middleware at ingress/egress ▪ Physical networking constrained traffic flow ▪ Complex topologies very difficult to model and secure ▪ Applications assumed confidential and privileged network Castle & Moat Security 27

Copyright © 2017 HashiCorp ▪ Assume “Zero Trust”, network is already compromised ▪ Application-Centric ▪ Authentication required on private networks ▪ Application to Application authorizations ▪ Data Encrypted in transit and at rest Next-Generation Security 28

Copyright © 2017 HashiCorp Run 29 Cluster managers and schedulers for self-service deployment and lifecycle management of applications on any infrastructure. Self-Service Deployment Deployment Run Any Application Across Any Infrastructure Copyright © 2017 HashiCorp

Copyright © 2017 HashiCorp ▪ Operators coupled to Developers tightly (1:8) ▪ Low velocity of deployment ▪ Limited diversity of middleware ▪ Open Source gaining traction in Enterprise ▪ Specialized Middleware (Caches, NoSQL, Big Data, Messaging) ▪ Multi-Cloud Support Traditional Operations 30

Copyright © 2017 HashiCorp 31 AWS Azure GCP Private cloud HYBRID DATACENTER TRADITIONAL
 DATACENTER The shift to hybrid infrastructure Application Platform Core Infrastructure Security

Copyright © 2017 HashiCorp ▪ Empower Developers to Deploy, Decouple Operators ▪ Provide Higher Level Abstractions ▪ Support highly diverse applications and middleware ▪ Cluster Managers and Schedulers provide self-service, decoupling, higher density ▪ Nomad, Kubernetes, Mesos, etc Next-Generation Deployment 32

Copyright © 2017 HashiCorp Connect 33 Service discovery, runtime configuration, and orchestration needed for micro service based applications to operate. Enabling Services Service Catalog Connect Any Application Across Any Infrastructure Copyright © 2017 HashiCorp

Copyright © 2017 HashiCorp ▪ Monolithic applications ▪ Low churn ▪ Limited scale out ▪ Load balancers Monolith Connectivity 34

Copyright © 2017 HashiCorp ▪ Service Oriented Architecture ~= Microservices ▪ N-Tier applications ▪ Public Cloud and Containers increasing churn ▪ Applications being updated more frequently ▪ 10-100x traditional scale SOA strikes Back 35

Copyright © 2017 HashiCorp ▪ Dynamic Service Catalog ▪ Services “Publish” availability ▪ Clients can “Discover” location services at runtime ▪ Handle high rate of change ▪ Route around failures ▪ Mix Mainframes, VMs, Containers, Serverless, etc ▪ Network is the connectivity layer Service Discovery 36

Copyright © 2017 HashiCorp ▪ Dynamic CMDB ▪ Service level abstraction ▪ Platform Agnostic (Public/Private Cloud, VM/Container) ▪ Resilient to Cloud reliability / Container churn ▪ Provides visibility into global state ▪ Enforce service level security policy Next-Generation Connectivity 37

s Copyright © 2017 HashiCorp 38 Paradox of Automation

No content

Copyright © 2017 HashiCorp ▪ Automation enables a change to be repeatable and fast ▪ Gives developers and operators enormous leverage ▪ Does not imply every change is desirable! ▪ Physical world made mistakes more obvious ▪ Did you really mean to order 5000 servers? ▪ Did you really mean to rewire traffic around the firewall? Automation Challenges 40

Copyright © 2017 HashiCorp ▪ Infrastructure as Code ▪ Codified and Versioned Infrastructure ▪ Policy as Code ▪ Codified and Versioned Policies ▪ Policy ensures incremental changes are safe ▪ Prevent automation avalanche ▪ Automation with Guardrails! Next-Generation Automation 41

Thank you. [email protected] www.hashicorp.com