How HashiCorp Widened the Reach of the Consul Service Mesh

14 May 2020 10:26am

HashiCorp has expanded its Consul network control plane by widening its scope for different highly distributed services and environments — while simplifying and expanding its compliance and policy management capabilities.

By adding gateway options and compliance features with today’s release of Consul 1.8, HashiCorp has made the control plane able to manage many different environments in a single interface, the company says. These might include services and applications running in containers, Kubernetes or virtual machines (VMs) on bare metal, traditional data centers or multicloud environments that are often widely dispersed geographically.

“We are useful to customers because we offer a layer across [different environments] with a single management plane. The challenge customers have is that they have many services that sit outside of service mesh, such as traditional applications, and need to bring them into the same fold,” Amith Nair, vice president of product marketing for HashiCorp, told The New Stack. “So how can services talk to your applications within your service mesh, and how do the applications in the service mesh talk out? Consul 1.8 solves that problem.”

Consul 1.8’s audit logging and single sign-on (SSO) features (which are part of the enterprise version) extend the control plane’s governance and compliance capabilities. “These provide much more visibility into what’s happening at the service and application layer in terms of the health of the service, when it was last touched, what kind of policies it’s using and so on,” Nair said.

HashiCorp’s Consul 1.7 improvements included helping DevOps teams to improve their ability to create isolated management environments in a shared cluster. Consul 1.8 helps to better manage the huge sprawl of services many organizations increasingly have to manage. This includes the challenges of controlling and aligning different services in multiple environments while also setting up firewall policies and mapping all the various associated ports.

“There’s a huge amount of dependency across your networking stack, while the way you do networking in the new world is very different from how it was traditionally done with static IP,” Nair said. “Now, networking has to be more dynamic, because of the number of services, with the added challenges of how your developers are now building out all these applications and services.”

With these new services, organizations typically have some applications that work in the traditional service mesh environment and others that do not, such as applications managed in traditional data center environments.

Consul 1.8 helps to consolidate all of the old and new services so that “what is inside your mesh and what stays outside all talk to each other,” Nair said.

In a presentation, HashiCorp listed the new features in Consul 1.8:

  • WAN federation over mesh gateways.
  • Terminating gateways.
  • Ingress gateways.
  • JWT authentication method.
  • Layer 7 traffic management enhancements.
  • ACL UX enhancements.
  • Audit logging (with the enterprise version).
  • Single sign-on (with the enterprise version).

In this context, organizations often rely on service mesh to “better grow a container cluster and speed Kubernetes-based platform adoption,” Tom Petrocelli, an analyst for Amalgam Insights, told The New Stack. “That’s why what HashiCorp is doing with Consul is important,” Petrocelli said.

It has often been said that managing applications and data in Kubernetes environments requires service mesh. Beyond the management of simple clusters, for example, it is important to control application traffic (Layer 7 traffic), “both North-South and East-West,” Petrocelli said. “That’s when most organizations adopt service mesh.”

“As you grow your clusters, the simple networking options in Kubernetes are not enough,” Petrocelli said. “When you start to have multiple large clusters, then managing traffic between clusters as well as traffic between multiple clusters and the outside world becomes even more difficult.”

Organizations are also typically expanding the number of new platforms, as well as applications, they must manage, Petrocelli said. Meanwhile, microservices are deployed in clusters often spread out “throughout an organization, across geographies and across a mix of public and private clouds,” Petrocelli said. “Once this begins to happen at scale, managing traffic between microservices clusters, applications consuming their functionality via APIs, and traditional systems such as n-tier is impossible to do by hand,” Petrocelli said. “At that point, you need a control plane and service mesh capable of managing all that disparate traffic. These are what the new features of Consul are all about.”

As mentioned above, the service mesh control plane needs to be able to manage all traffic as clusters grow in size and number, while the diversity of cluster targets expands as well, Petrocelli said. “Consul is looking to address these issues of scale,” Petrocelli said.

“As for governance and compliance, one of the main goals is to set policies and document what has been implemented,” Petrocelli said. “I would argue that most service mesh control planes do that at some level. Consul just does this at an enterprise-wide scale.”

HashiCorp is a sponsor of The New Stack.
