![Page 1: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/1.jpg)
HashiCorp Tooling
Value, Efficiency & Security
contino.io
![Page 2: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/2.jpg)
INTRODUCTIONS
Jordan Taylor
DevOps Practitioner at Contino
Specialise in automation, configuration management, cloud orchestration & CI/CD
Favourite tools are Terraform, Docker and Vault
![Page 3: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/3.jpg)
TO THE CLOUD!
Why?
How?
![Page 4: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/4.jpg)
THE WHY
● Avoid initial investment
● Cost savings
● Flexibility
● Scalability
● User control
● Speed of deployment
● Out-of-the-box security and monitoring
![Page 5: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/5.jpg)
THE HOW
MAGIC
Otherwise known as:
● Infrastructure as Code
● Use of Cloud orchestration tools
Enabling:
● Cloud deployments in a single command
● Auto-scaling
● Uncomplicated deploy processes
● AUTOMATION
![Page 6: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/6.jpg)
Company based in San Francisco
Effectively solve development, operations and security challenges such as:
● Insecure Systems
● Constrained Resources
● Complex Workflows
● Manual Process
Allowing for focus on business-critical tasks
![Page 7: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/7.jpg)
VAGRANT PACKER TERRAFORM SERF
NOMAD VAULT OTTO CONSUL
![Page 8: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/8.jpg)
AGENDA
Packer
Terraform
Use case: Taking a leading UK retailer into the Cloud with Packer and Terraform
Vault
![Page 9: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/9.jpg)
PACKER
Create images for an array of platforms all from a single source configuration.
![Page 10: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/10.jpg)
WHY ADOPT PACKER?
● Templated image builds
● Store templates in source control
● Pre-bake and pre-configure images
● Provide developers with SDKs in images
● Little engineer upskilling required
![Page 11: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/11.jpg)
PACKER: TECHNICAL FUNCTIONALITY
Build temporary cloud instance
Provision and configure it according to the template
Snapshot it
Abstraction of cloud provider API manipulation
![Page 12: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/12.jpg)
A PACKER TEMPLATE
![Page 13: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/13.jpg)
PACKER BEST PRACTICES
1. Directory structure
2. Image naming convention
![Page 14: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/14.jpg)
TERRAFORM
Allows the creation, combination and management of infrastructure resources across multiple providers.
![Page 15: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/15.jpg)
WHY ADOPT TERRAFORM?
● Infrastructure as Code
● Store templated infrastructure in source control
● Provide on-demand infrastructural flexibility
● Little engineer upskilling required
● Simple move to the cloud
![Page 16: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/16.jpg)
TERRAFORM TECHNICAL FUNCTIONALITY
Write Terraform templates
Execute ‘terraform plan’
Execute ‘terraform apply’
Resources deployed & state stored
● Abstraction of a cloud provider’s API, templated as code
● Store and manipulate the state of your infrastructure via metadata
![Page 17: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/17.jpg)
A TERRAFORM TEMPLATE
![Page 18: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/18.jpg)
TERRAFORM BEST PRACTICES
1. Store and share state wisely
2. Directory structure is key
![Page 19: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/19.jpg)
CONSIDER TERRAFORM ENTERPRISE
● Remote Terraform plans, applies, and locks
● Change management and access control policies
● GitHub integration
● Remote state storage
● Artifact registry
● Notifications
● Auditing
● Rollback State
![Page 20: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/20.jpg)
Taking a Leading UK Retailer into the Cloud
Client requirements:
● Equip workforce with the ability to move into the cloud
● Provide a template cloud architecture to move new teams/projects into the cloud
● Get rid of inflexible, long-life, isolated environments
● Scrap complex deployment processes and methodologies
![Page 21: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/21.jpg)
DELIVERABLES
● Templated AWS architecture designed and implemented
● Essentials training to large audiences, encouraging adoption of new tools
● Key engineers upskilled to train internally
● A project team moved into the cloud
![Page 22: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/22.jpg)
OUTCOMES
● Orchestrating infrastructure into the cloud with Terraform
● Deploying resources into AWS using Terraform, via Jenkins
● Creating pre-provisioned images with Packer
● Demonstrating configuration management capability with Chef
● Storing all Infrastructure as Code in GitHub
● Ready to upskill internally
![Page 23: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/23.jpg)
EQUIP YOUR ORGANISATION WITH CLOUD CAPABILITY
Contino Cloud Enablement Package:
● AWS Essentials (2 day)
● Chef Essentials (1 day)
● Packer & Terraform Essentials (1 day)
● Terraform Intermediate (1 day)
http://contino.io/resources/
![Page 24: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/24.jpg)
VAULT
Secret management system by HashiCorp
● Secure storage
● Dynamic Secrets
● Leases
● Auditing
Secure Infrastructure Automation
![Page 25: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/25.jpg)
VALUE OF VAULT
Pre-Vault = secret sprawl, decentralised keys, limited visibility, poorly-defined ‘break-glass’ procedures
Post-Vault = single secret source, pragmatic access, operational access, practical security
![Page 26: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/26.jpg)
VAULT COMPONENTS
Storage backend - Encrypted Vault data storage
Secret backend - Encrypted secret store
Audit backend - Log all interactions with Vault
Auth backend - Authenticate users to access Vault
![Page 27: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/27.jpg)
INTERACTING WITH VAULT
Server - HTTP API, manages interaction
Vault token - similar to session cookie, post-authorisation secret access
Barrier - All data transitions are encrypted, in and out
![Page 28: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/28.jpg)
INTERACTING WITH VAULT
Begin unsealing process
Gather shared key holders
Form master key
Unseal vault
Access secrets with Vault
![Page 29: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/29.jpg)
![Page 30: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/30.jpg)
VAULT ENTERPRISE
● 24x7x365 Phone and email support
● Hardware Security Module (HSM) integration
AUDITS
● Vault 0.5 audited by iSEC
![Page 31: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/31.jpg)
EQUIP YOUR ORGANISATION WITH VAULT
http://contino.io/resources/
Vault Essentials (1 day)
● How Vault works
● How to set-up and implement Vault
● How to store and manage secrets with Vault
● How to secure applications with Vault
![Page 32: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/32.jpg)
VALUE, EFFICIENCY & SECURITY
● Security with Vault
● Efficiency with Packer & Terraform
● Value with moving your organisation into the cloud swiftly, effectively and securely
![Page 33: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/33.jpg)
USEFUL LINKS
Packer documentation: https://www.packer.io/docs/
Terraform documentation: https://www.terraform.io/docs/index.html
Vault documentation: https://www.vaultproject.io/docs/index.html
Contino offerings: http://contino.io/resources/
![Page 34: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/34.jpg)
CONTINO OVERVIEW
We help Enterprise organisations transform their software delivery engines.
We do this by delivering on key strategic technology initiatives whilst also upskilling our clients' workforce and supporting the development of a more vibrant engineering culture.
▪ Transform how you work with enterprise DevOps and Continuous Delivery
▪ Transform your infrastructure with Cloud
▪ Transform your application delivery with Containers
▪ Transform your enterprise architecture with Microservices
Based on our engagements with many global enterprise clients, we have developed significant IP in how to transform to DevOps and adopt the associated technology stacks within an enterprise setting.
![Page 35: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/35.jpg)
SOME OF OUR CLIENTS
![Page 37: Hashicorp Tooling: Value, efficiency & security](https://reader035.vdocuments.mx/reader035/viewer/2022062822/58832b5a1a28abe2758b7683/html5/thumbnails/37.jpg)
NEED HELP? GET IN TOUCH
Achieving value, efficiency and security may not be so difficult…
Call us: 0203 227 0961
Email us: [email protected]
Our offerings: contino.io/resources