Cloud infrastructure automation company HashiCorp has extended its service mesh capabilities with a major update for HashiCorp Consul. The new capability, Consul Connect, allows users to efficiently secure service-to-service communications in hybrid environments.
According to the company, modern application architectures often include public clouds, microservices, and container schedulers, and these architectures often require a service mesh that enables users to discover, configure, and connect services across an on-premises and cloud-based fleet.
A service mesh can solve the three issues of discovery, configuration, and segmentation. According to HashiCorp, prior to this release, Consul solved the first two problems, but with Consul Connect, segmentation is also solved for.
According to the company, there are four components of Consul Connect that allow for segmentation. Its service-based rules, as opposed to IP-based rules, allow for the simplification of managing dynamic infrastructure with frequently changing IPs. Sidecar proxies enables applications to be integrated without changes to the code, Layer 4 supports provides almost universal protocol compatibility, and native integration allows throughput or latency sensitive applications to avoid performance penalties.
Consul also acts as a certificate authority, which simplifies deployment and allows for integration with external signing authorities. Finally, it encrypts all traffic between services with mutual TLS, which ensures a strong guarantee of identity and confirms that all data in transit is encrypted.
“Consul now significantly simplifies the way that you enforce service connectivity, enabling you to replace what can be many thousands of IP-based firewall rules with a few service-based intentions,” said Armon Dadgar, founder and co-CTO of HashiCorp. “By solving security challenges at the service layer, we simplify our network requirements and make it easy for networking and security teams to manage, while removing a bottleneck for developers to adopt cloud.”