Build for massive scale & security with the HashiCorp Cloud Platform (DOP301)

Building for Massive Scale and Security with the HashiCorp Cloud Platform

Summary

  1. Read - Monitoring and Observability

    • Importance of monitoring and observability to make informed changes to infrastructure and security.
    • Auditing infrastructure changes, identifying drift, and validating policy conformance.
    • Auditing system access, identifying vulnerabilities, and validating artifact provenance.
  2. Create - Modularization and Access Control

    • Importance of modularization to isolate changes and minimize the blast radius.
    • Decoupling identity from access policy for more dynamic changes.
    • Demonstrating modularization with Terraform and decoupling identities with HashiCorp Vault.
  3. Update - Standardization and Remediation

    • Importance of standardization to improve the predictability of changes and rollbacks.
    • Demonstrating standardized deployment using HashiCorp Waypoint and secret rotation using HashiCorp Vault.
    • Showing a "break glass" update using HashiCorp Boundary for secure remote access.
  4. Delete - Immutability and Ephemerality

    • Importance of immutability and ephemerality to support lower-risk refactoring patterns.
    • Demonstrating immutable image pipelines using HashiCorp Packer and dynamic credentials using HashiCorp Vault.
    • Discussing the concept of a "global delete" and the use of ephemeral workspaces.
  5. As Code, Self-Service, and Systems of Record

    • Importance of having the foundational building blocks in place to enable as-code, self-service, and systems of record.
    • Demonstrating self-service infrastructure as code using HashiCorp Waypoint and a system of record using HashiCorp Console.
    • Emphasizing the need to assess your organization's capabilities across the different building blocks to achieve scale.

Key Takeaways

  • Effective life cycle management of infrastructure and security resources is crucial for achieving massive scale.
  • The presenters outlined four core actions - create, read, update, and delete - and discussed the underlying patterns and principles required to support these actions at scale.
  • Monitoring, observability, modularization, access control, standardization, remediation, immutability, and ephemerality are essential building blocks for managing infrastructure and security life cycles.
  • The presenters demonstrated various HashiCorp products, such as Terraform, Vault, Boundary, Packer, Waypoint, and Console, to illustrate how these building blocks can be implemented in practice.
  • Achieving true scale requires not only the technical implementation of these building blocks but also the organizational alignment and adoption of the associated patterns and principles.
