HashiConf 2017

James Martelletti
Sep 20, 2017

This week of September marks the third instalment of HashiConf, held in Austin, TX, the bustling little city where it's a sure bet you'll find hot weather, great music and some of the finest BBQ. As the community descends upon this location you'll hear great conversation around the latest principles and practices of software delivery, automation and operations.

We've all been looking forward to finding out what HashiCorp sees as the future of software. Vibrato has always been a proponent of HashiCorp technologies as they forge some of the best performing tools in the DevOps space. I'm going to recap some of the exciting technologies on the horizon that are being discussed at HashiConf and that Vibrato also sees as the future of software delivery.

Let's get the big announcements out of the way:

Sentinel

Sentinel is a system and framework for policy as code. Policy-driven architectures are growing up, and Sentinel provides the backbone to ensure both the structure and behaviour of your organisation can be enforced by policy: policy that is written as code and treated just like other components of your software.

Consul 1.0

You know HashiCorp means business when they're willing to bless something with the "1.0" label. This simple string of numbers has an overwhelming impact on the perceived quality and stability of a product, and HashiCorp clearly does not take this lightly. Although Consul has been used in production in some of the world's major organizations since the very early days, it is now battle hardened. You can be sure that someone out there is running Consul in a larger capacity than you ever dreamed of.

Terraform Module Registry

Finally, a place to publish and consume reusable modules of Terraform configuration. The module registry gives us a place to collaborate on shareable modules, and also a way to see examples and best practices from all of the major cloud providers, as well as "HashiCorp Verified" modules which you can be sure conform to the Terraform way of doing things.


To take it up a level, I'm constantly more excited by the discussions around principles and practices and not necessarily the technologies themselves. We live in an amazingly diverse and heterogeneous world, and HashiCorp has learnt to embrace this from the beginning. You can't win the minds and hearts of communities by simply standing back and saying "here's how it can be done if everything was done perfectly from the start". Instead, they go through great pains to discover the thousands of real-world edge cases out there and the legacy components that need to be supported in order to move the whole industry forward.


We are embarking on the age of modern IT infrastructure, where systems keep progressively breaking their confines: first from a physical machine to VMs, from VMs to microservices, from datacenters to cloud providers, from cloud providers to multiple cloud providers in globally distributed regions. Whether intentionally or not, any business of size with sense is soon going to be operating across multiple cloud providers. But the same basic concerns haven't changed - I need something to run, somewhere to run it, and some way to secure it (and finally something to connect those 3 layers together). HashiCorp's entire product line is based around bridging these 4 fundamental concerns and offering a mostly declarative way to define each of them and operate them at the scale of some of the world's largest companies.

Here are a few of the key areas that Vibrato is excited to see progress in:

Policy & Compliance

There have been several big announcements around Sentinel and the policy syntax, allowing for fine-grained permissions and control across systems. Policy enforcement allows organisations to gain confidence that regulations and guidelines are being adhered to. One of the greatest benefits of baking Sentinel into each of the HashiCorp tools is that it allows for "active enforcement" of rules. This is not a compliance scan that runs every so often to report whether things are correctly in shape. Instead, Sentinel has the ability to actively disallow actions that might have tipped a system out of policy. This also comes with different levels of enforcement: an advisory level (just let me know I'm probably going to do a bad thing), soft enforcement, which can be overridden (and appropriately logged) by an operator, and hard enforcement, which will simply disallow an action while that policy exists.
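The three enforcement levels described above, modelled as a pre-apply gate in Python. This is an added example, not Sentinel code or HashiCorp's implementation; the policy names, rules and the `evaluate` function are hypothetical, and the sample change is constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

ADVISORY, SOFT, HARD = "advisory", "soft", "hard"

@dataclass
class Policy:
    name: str
    level: str
    rule: Callable[[dict], bool]  # returns True when the change complies

@dataclass
class Decision:
    allowed: bool = True
    audit: list = field(default_factory=list)

def evaluate(change: dict, policies: list, override_by: Optional[str] = None) -> Decision:
    """Gate a proposed change before it is applied, rather than scanning afterwards."""
    decision = Decision()
    for p in policies:
        if p.rule(change):
            continue
        if p.level == ADVISORY:
            decision.audit.append(f"WARN {p.name}: failed (advisory)")
        elif p.level == SOFT and override_by:
            # Soft enforcement: an operator may proceed, and the override is logged.
            decision.audit.append(f"OVERRIDE {p.name}: overridden by {override_by}")
        else:
            # Soft without an override, hard, or an unknown level: fail closed.
            decision.allowed = False
            decision.audit.append(f"DENY {p.name}: failed ({p.level})")
    return decision

def no_public_ssh(change: dict) -> bool:
    return not any(r["port"] == 22 and r["cidr"] == "0.0.0.0/0"
                   for r in change.get("ingress", []))

# Constructed sample policies (hypothetical names and rules).
POLICIES = [
    Policy("has-owner-tag", ADVISORY, lambda c: "owner" in c.get("tags", {})),
    Policy("approved-region", SOFT, lambda c: c.get("region") in {"us-east-1", "ap-southeast-2"}),
    Policy("no-public-ssh", HARD, no_public_ssh),
]

if __name__ == "__main__":
    change = {"region": "eu-west-1", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]}
    for line in evaluate(change, POLICIES, override_by="alice").audit:
        print(line)
```

An operator override only changes the outcome for the soft policy; the hard policy denies the change regardless, and every failed rule leaves an audit entry.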

 

Security

The same fundamental concerns around IT security have always existed, and at the same time attacks are becoming more sophisticated and aggressive. It's not a matter of if-you-get-hacked anymore, it's more a matter of what-could-happen-when-you-get-hacked. We're no longer in a time where the "castles and moats" method of perimeter security works; network topologies are more complex than ever before.

Scheduling

Lots of work has been going into Nomad: it has now become part of the Enterprise suite, as well as getting some UI love, name-spacing and quotas. One thing that really stuck with me was Armon Dadgar's comment on stage that "Most customers generally see 5% resource utilisation" across their IT systems. When you've worked a little while with auto-scaling of applications you tend to forget that there are some enterprises out there with massively over-provisioned resources, just to account for unoptimised capacity. Schedulers give us the capability to better define the constraints of a job, and ultimately not care where it's run. Allowing the scheduler to dynamically and optimally place workloads across an organisation's IT systems means using capacity in the most effective way possible.



As you can generally expect with the amount of activity and releases going on with HashiCorp products, there has been an overwhelming amount of new and updated topics to learn about. You'll be able to find out more when HashiConf releases videos of this week's sessions!