Vault Open Source vs Enterprise v2
•Download as PPTX, PDF•
0 likes•2,170 views
Hashicorp Vault Open Source vs Enterprise
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Vault Open Source vs Enterprise v2
Similar to Vault Open Source vs Enterprise v2 (20)
More from Stenio Ferreira
More from Stenio Ferreira (16)
Recently uploaded
Recently uploaded (20)
Vault Open Source vs Enterprise v2
- 1. Copyright © 2019 HashiCorp Hashicorp Vault
- 2. Copyright © 2019 HashiCorp ∕ Company Overview Copyright © 2019 HashiCorp ∕ 2 Founded in 2012 by Mitchell Hashimoto and Armon Dadgar Enabling the Cloud Operating Model Provision, Secure, Connect, and Run any infrastructure for any application
- 3. Copyright © 2019 HashiCorp Digital Transformation
- 4. Copyright © 2019 HashiCorp ∕ The Transition to Multi-Cloud Copyright © 2019 HashiCorp ∕ 4 Traditional Datacenter “Static” Dedicated Infrastructure Modern Datacenter “Dynamic” AWS Azure GCP+ + +Private Cloud + “Ticket-based” “Self-service”
- 5. Copyright © 2019 HashiCorp ∕ The Transition to Multi-Cloud Copyright © 2019 HashiCorp ∕ 5 Traditional Datacenter “Static” Dedicated Infrastructure Modern Datacenter “Dynamic” AWS Azure GCP+ + +Private Cloud + Why? • Capex to Opex • Scale, repeatability, maintainability • Access to new technologies
- 6. Copyright © 2019 HashiCorp ∕ The Transition to Multi-Cloud Copyright © 2019 HashiCorp ∕ 6 Traditional Datacenter “Static” SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT Dedicated Infrastructure Modern Datacenter “Dynamic” AWS Azure GCP+ + +Private Cloud +
- 7. Copyright © 2018 HashiCorp ∕ 7 A Common Operating Model with the HashiCorp Suite C++ Provision Operations Secure Security Run Development Connect Networking Private Cloud AWS Azure GCP
- 8. Copyright © 2019 HashiCorp Product Overview
- 9. Copyright © 2019 HashiCorp ∕ Secret Management With Vault Copyright © 2019 HashiCorp ∕ 9 A Common Cloud Operating Model Dynamic Secrets Leverage time-bound credentials or rotate passwords for databases, cloud platforms and more. Encryption as a Service One workflow to create and manage keys used to encrypt your data in-flight and at rest. Centralized Secrets Management Securely store, access, and deploy sensitive information through a centralized workflow.
- 10. Vault Basic Workflow Diagram showing a client (human or service) retrieving a static secret Common questions: • Where are secrets stored? Vault supports a variety of storage methods, such as disk, database, S3, Consul. • How are secrets encrypted? Vault uses 256-bit Advanced Encryption Standard (AES) cipher in the Galois Counter Mode (GCM) with 96-bit nonces. • What auth methods are supported? Active Directory, Gmail, Github, AWS, Azure, Kubernetes JWT, and more. • What type of secrets are supported? Static, Dynamic, PKI (TLS certificates), Database, Encryption Keys and more.
- 11. Copyright © 2019 HashiCorp ∕ Vault Enterprise: Copyright © 2019 HashiCorp ∕ 11 • Replication • Team Tools • Governance & Compliance
- 12. Copyright © 2019 HashiCorp ∕ Vault Enterprise: Replication Copyright © 2019 HashiCorp ∕ 12
- 13. Copyright © 2019 HashiCorp ∕ Vault Enterprise: Team Tools Copyright © 2019 HashiCorp ∕ 13 • Namespaces Multi-tenancy for teams • Control Groups Access approval workflow • Multi-factor Authentication Human based workflows
- 14. Copyright © 2019 HashiCorp ∕ Vault Enterprise: Governance & Compliance Copyright © 2019 HashiCorp ∕ 14 • Sentinel Compliance rules (IP, day, time restrictions) • Mount filters (replication) Specify which secrets get replicated • FIPS compliance Using HSM integration
- 15. ∕Copyright © 2019 HashiCorp 15 www.hashicorp.com hello@hashicorp.com Thank you
- 16. What Leading Software company for creative apps. Creative Cloud and Adobe Experience – analytics, ads Challenge • Multiple secret management solutions • How to accomplish secure introduction of services • Large scale, distributed, multi- cloud Why Vault? • Easy REST API • Highly Available • Centralized audit Result • Company-wide solution • Ability to deploy short lived, dynamic secrets • Secure introduction with response wrapping Case Study – Adobe / Vault
- 17. Case Study – Adobe / Vault Reference: https://youtu.be/THlpkBioAWQ
- 18. Copyright © 2018 HashiCorp ∕ Business Challenges Copyright © 2018 HashiCorp ∕ ∕ TRADITIONAL APPROACH TO DYNAMIC INFRASTRUCTURE 18 Increased risk of breach. Secrets sprawled across different systems, files, and repositories. Reduced productivity. Inefficiencies with managing different systems to manage secrets, HSMs, and cryptographic operations across an organization and different teams Increased risk of data exposure. Multi-cloud creates a larger surface area to secure and encrypting data across hybrid environments with HSMs is painful and hard to use
- 19. Copyright © 2018 HashiCorp ∕ Business Value Copyright © 2018 HashiCorp ∕ ∕ VAULT APPROACH TO DYNAMIC INFRASTRUCTURE Reduce risk of a breach Eliminate static, hard-coded credentials by centralizing secrets in Vault and tightly controlling access based on trusted identities. Reduce risk of data exposure Encrypt sensitive data in transit and at rest using centrally managed and secured encryption keys in Vault, all through a single workflow and API. 19 Increase productivity and efficiency With one platform for secrets management and data encryption through a CLI, API, and GUI.
Editor's Notes
- Talk about what’s happening in the world of infrastructure where we are going through a transition that happens in our industry every 20 years: this time from one which is largely dedicated servers in a private datacenter to a pool of compute capacity available on demand. In simple terms, this is a shift from “static” infrastructure to ‘dynamic infrastructure’ which is the reality of cloud. And while the first cloud provider was AWS, it is clear that it will be a multi-cloud world. Each of these platforms have their own key advantages and so it is inevitable that most G2K organizations will use more than one. This is not about moving applications around (since data gravity is a constraint) but rather creates a need for a common operating model across these distinct platforms that allows different teams to leverage the platform for their choice.
- Talk about what’s happening in the world of infrastructure where we are going through a transition that happens in our industry every 20 years: this time from one which is largely dedicated servers in a private datacenter to a pool of compute capacity available on demand. In simple terms, this is a shift from “static” infrastructure to ‘dynamic infrastructure’ which is the reality of cloud. And while the first cloud provider was AWS, it is clear that it will be a multi-cloud world. Each of these platforms have their own key advantages and so it is inevitable that most G2K organizations will use more than one. This is not about moving applications around (since data gravity is a constraint) but rather creates a need for a common operating model across these distinct platforms that allows different teams to leverage the platform for their choice.
- As has been the case in every prior infrastructure transition, the catalyst for this shift is a change in the TYPE of application being built today. These new ‘systems of engagement’ (credit Geoffrey Moore) — those applications built to engage customers and users — tend to (a) be very “spikey” in their usage characteristics (100K users at noon and 100 users at midnight) and (b) are under enormous pressure to be built quickly. Both of those characteristics make it inevitable that they will be on cloud. However invariably these new ‘systems of engagement’ must connect to ‘systems of record’ (e.g. the core database, the core mainframe system etc.) on-premises, and so organizations end up in this hybrid world whether they like it or not. http://wiki.p2pfoundation.net/Systems_of_Engagement
- In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.
- Talk about what’s happening in the world of infrastructure where we are going through a transition that happens in our industry every 20 years: this time from one which is largely dedicated servers in a private datacenter to a pool of compute capacity available on demand. In simple terms, this is a shift from “static” infrastructure to ‘dynamic infrastructure’ which is the reality of cloud. And while the first cloud provider was AWS, it is clear that it will be a multi-cloud world. Each of these platforms have their own key advantages and so it is inevitable that most G2K organizations will use more than one. This is not about moving applications around (since data gravity is a constraint) but rather creates a need for a common operating model across these distinct platforms that allows different teams to leverage the platform for their choice.
- In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.
- In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.
- In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.
- In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.