To unlock the fastest path to value from the cloud, enterprises must consider how to industrialize the application delivery process across each layer of the cloud environment, namely
- Provisioning
- Security
- Networking
- Deployment
2. Company Overview
Founded in 2012 by Mitchell Hashimoto and Armon Dadgar
Enabling the Cloud Operating Model: Provision, Secure, Connect, and Run any infrastructure for any application
6. The Transition to Cloud and Multi-Cloud
- Traditional Datacenter (“Static”): Dedicated Infrastructure; Systems of Record; “Tickets-based”
- Modern Datacenter (“Dynamic”): Private Cloud + AWS + Azure + GCP + ...; Systems of Engagement; “Self service”
10. Implications of the Cloud Operating Model
- Provision. Static: Dedicated servers, Homogeneous. Dynamic: Capacity on-demand, Heterogeneous.
- Secure. Static: High trust, IP-based. Dynamic: Low trust, Identity-based.
- Connect. Static: Host-based, Static IP. Dynamic: Service-based, Dynamic IP.
- Run. Static: Dedicated Infrastructure. Dynamic: Scheduled across the fleet.
11. The Cloud Landscape
STATIC DYNAMIC
vSphere vSphere
EKS/ECS
Lambda
AKS/ACS
Azure Functions
GKE
Cloud Functions
Hardware
Various
Hardware
Proprietary
Istio
IP:
Hardware
Identity:
AD/LDAP
vCenter Terraform CloudFormation
Resource
Manager
Cloud
Deployment
Manager
Dedicated Private Cloud AWS Azure GCP
Identity:
AWS IAM
Identity:
Azure AD
Identity:
GCP IAM
Proprietary
CloudMap
AppMesh
Provision
Operations
Secure
Security
Connect
Networking
Run
Development
12. A Common Operating Model with the HashiCorp Suite
Private Cloud, AWS, Azure, GCP
- Provision (Operations)
- Secure (Security)
- Connect (Networking)
- Run (Development)
13. Cloud Provisioning with Terraform
A common Cloud Operating Model
Private Cloud, AWS, Azure, GCP
- Provision (Operations)
- Secure (Security)
- Connect (Networking)
- Run (Development)
15. Cloud Provisioning with Terraform
A common Cloud Operating Model
Core + Provider Model
- Expose the unique services of each infrastructure platform, but provide a consistent workflow
- 200+ Providers exist for any infrastructure or application element
  i. Enabled by the open source model of 1200+ contributors
16. Cloud Provisioning with Terraform
A common Cloud Operating Model
A single Terraform template contains the entire infrastructure topology
- Platform services AND the configuration of any dependencies
  i. e.g. 4 AWS services plus k8s
17. Cloud Provisioning with Terraform
A common Cloud Operating Model
- Self Service Provisioning: Templates can be made available to any development team for self-provisioning
- Multi-Cloud Provisioning & Compliance: Operations teams can enforce security & policy at provisioning time with Terraform Enterprise
19. Cloud Provisioning with Terraform
A common Cloud Operating Model
Codified policies enforce security, compliance, and operational best practices across all cloud provisioning
- Before: Developer or CI / CD System, TF CLI, TF Template
- After: Developer or CI / CD System, TF CLI, TF Template, TFE (Policy, Governance)
20. Cloud Security with Vault
A common Cloud Operating Model
Private Cloud, AWS, Azure, GCP
- Provision (Operations)
- Secure (Security)
- Connect (Networking)
- Run (Development)
24. Identity-based Security with Vault
A common Cloud Operating Model
- Identity of requester authenticated against any identity model prior to granting access
- Policies defined by the Security team and enforced at runtime.
25. Vault Use Cases
A common Cloud Operating Model
1. Centralized Secrets Management
2. Encryption as a Service
   a. Encrypt all application traffic without app modification
26. Cloud Networking with Consul
A common Cloud Operating Model
Private Cloud, AWS, Azure, GCP
- Provision (Operations)
- Secure (Security)
- Connect (Networking)
- Run (Development)
27. Traditional Networking
A common Cloud Operating Model
A. Provision load-balancers to create static IP
B. Artifact deployed
C. Firewall rule updated to allow traffic
Average time to traffic ~ 6 weeks
Load balancer sprawl ($$!) but also as single point of failure for each service
29. Networking with Consul
A common Cloud Operating Model
- Service Registry enables Routing
  - From IP-Address to Name
  - Services register and discover each other. Consul server maintains the map of service location
  - Consul enables routing directly to services
31. Networking with Consul
A common Cloud Operating Model
- Service Registry enables Routing
- Service Segmentation for Security
  - Consul Connect enables service-to-service communication
  - Foundation of zero-trust model
  - “Service Mesh”
A common service registry across heterogeneous environments is the basis for multi-cloud service networking
32. Cloud Deployment with Nomad
A common Cloud Operating Model
Private Cloud, AWS, Azure, GCP
- Provision (Operations)
- Secure (Security)
- Connect (Networking)
- Run (Development)
33. Cloud Deployment with Nomad
A common Cloud Operating Model
- Container Orchestration allows for deploying, managing and scaling of containerized apps
- Legacy Application
  - Orchestrates and automates legacy applications to improve resilience and efficiency
- Batch Workloads
  - GPU support to enable ML, AI, data science, and other intensive workloads in HPC clusters
34. Nomad Use Cases
A common Cloud Operating Model
- Flexible Container & Workload Organization: Deploy and manage any containerized, legacy, or batch application.
- Multi-Cloud Workload Management: Safely manage workloads across regions and cloud providers
- Efficient Resource Utilization: Increase resource utilization, reduce fleet sizes, and cut costs.
35. A Common Cloud Operating Model to Accelerate Application Delivery
App
?
40. A Common Cloud Operating Model to Accelerate Application Delivery
App
Operations
Security
Networking
Development
App
GOVERNANCE
POLICY
41. Open Source vs. Enterprise
- Individuals: Open Source
- Teams (Pro): Open Source + Collaboration
- Organizations (Premium): Open Source + Collaboration + Policy + Governance
Axis: Organizational complexity