The new feature enables service segmentation, which isolates traffic between services through identity-based authorization.
San Francisco-based software company HashiCorp has announced a major security-focused update to Consul – an open source service mesh to connect, secure, and configure services in dynamic network environments.
With the new feature, called Consul Connect, users can now efficiently secure service-to-service communications for containerized and non-containerized services in cloud or on-premises environments.
The new approach brings complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and a low-trust network environment. These dynamic environments require a service mesh that allows users to discover, configure, and connect services across their on-premises and cloud-based fleet.
Prior to this release, Consul solved the discovery and configuration use cases with DNS for discovery and Key/Value for configuration. The Consul Connect feature now solves the segmentation use case. All three of these features work together to provide a complete service mesh solution that works on any platform.
According to Armon Dadgar, founder and co-CTO of HashiCorp, “Consul has been used for years as a service discovery and service configuration tool. Now with Consul Connect, Consul rounds out its capabilities as a true service mesh and addresses that third challenge. Consul now significantly simplifies the way that you enforce service connectivity, enabling you to replace what can be many thousands of IP-based firewall rules with a few service-based intentions.”
“By solving security challenges at the service layer, we simplify our network requirements and make it easy for networking and security teams to manage, while removing a bottleneck for developers to adopt cloud,” he added.
First released in 2014, Consul already runs on more than 5 million machines worldwide.
The new Consul Connect capability enables service segmentation, which isolates traffic between services through identity-based authorization. It assigns each service a unique identity using Transport Layer Security (TLS) certificates. Consul uses a set of simple rules to describe which services are allowed to communicate directly and then secures that communication with mutual TLS.
Consul enforces security at the service level, rather than relying on the underlying network. Consul Connect decouples policy from IP addresses, ensuring consistent security policies are always applied as services are scaled and deployed dynamically.
The public beta of the HashiCorp Consul Connect capabilities are now available as part of the Consul 1.2 open source release.