HashiConf Digital October 2020 Wrapup

Rich Burroughs October 27, 2020

Conferences

HashiConf Digital October 2020 was the second HashiConf to be held online due to the coronavirus pandemic. It was held on October 14 and 15 on HashiCorp’s digital event platform. As of this writing, recordings of the talks are available on the platform, but they will be posted soon to HashiCorp’s YouTube channel.

Day One: Big Announcements

I’d been to several HashiConfs in the past, but I knew this one was going to be pretty exciting. HashiCorp co-founder Mitchell Hashimoto had been teasing some pretty big announcements on Twitter.

It had been a while since we’d seen a new product from HashiCorp, let alone two, so I was pretty stoked.

The Keynotes

The theme for day one was security. The keynotes started with Mitchell and co-founder Armon Dadgar. Right as the talk was starting, I saw the first new open source tool announced on Twitter. It’s called Boundary, and it manages connections to dynamic hosts and services. Mitchell did a great job explaining the problem they were trying to solve. Traditionally people would connect to servers that had static IP addresses, over VPNs, or from bastion hosts. Now that infrastructures have become much more dynamic, it’s more challenging to access resources on a secure network.

With Boundary, users authenticate and then access resources on the secure network by proxying through Boundary worker nodes. Boundary has built-in RBAC to manage user accounts. It all sounds really slick. Boundary is open source, and the GitHub repo is here. There are also tutorials on the HashiCorp Learn site.

During the rest of the keynote, Mitchell and Armon gave updates on Vault and Consul. Managed Vault on AWS is now available on HashiCorp Cloud Platform in private beta. Consul 1.9 beta is out too.

One thing that came across in the keynotes was that HashiCorp had upped their virtual conference game since the first HashiConf Digital, which was held in June. The presentations felt a lot tighter, and they even cut between multiple cameras. The MCs Jacquie Grinrod and Jake Lundberg did an excellent job, It seemed like more of their content was scripted this time, which added some polish. I’m seeing more examples of people embracing the idea that virtual conferences are a lot like television broadcasts, with some interactivity added in.

Product Announcements: Vault and Boundary

Next up was Vinod Muralidhar with a presentation titled Vault as a Security Platform and Future Direction. He shared an interesting story about how HashiCorp built Vault as an internal tool to store secrets during Terraform’s development and productized later. He covered some of the important Vault features like Advanced Data Protection (ADP).

Pete Pacent and Jeff Mitchell gave an excellent overview of Boundary. If you’re interested in it, it would be worth watching their talk. They showed off some cool things, like how Boundary is zero trust (it denies connections by default), and how everything in Boundary can be expressed as a Terraform resource. The integrations between the different HashiCorp tools are one of their significant strengths.

I took a lunch break after this talk and missed the next few. This was one of my few complaints about the conference, that there wasn’t a midday break. Physical conferences would schedule 60 or even 90 minutes for lunch, but some virtual events are just skipping it. I know people are in different time zones, but I think there still should be a time set aside for people who are watching start to finish to step away. If an event doesn’t schedule that, I recommend finding times to take breaks anyway.

Product announcement: Nomad

Next I caught the Nomad Product Keynote, presented by Mitchell, Armon, and Yishan Lin. Nomad is a tool that I think is very cool, but I haven’t used it much. It’s a container scheduler and I’ve spent more time with Kubernetes. But there are some cool Nomad use cases, like situations where managing Kubernetes is just too much overhead. Some shops use both k8s and Nomad, and Nomad is an excellent solution for things like batch jobs. It can also run workloads that aren’t containers. The big news from the talk is that Nomad 1.0 is launching on 10/27, and they are adding support for namespaces to the open source version. That last bit is huge, and kudos to HashiCorp for taking care of the open source Nomad community. It’s a hard balance to strike between enterprise features that pay the bills and keeping an open source community happy.

Talk: Threat Modeling

Next up was a fantastic talk from Andy Manoske called Building Security Through Adversarial Modeling. This was one of my favorite talks of the conference, and I highly recommend tracking down the video. Andy used Vault as an example and talked through how a hacker named Acid Burn might attack it (you may have heard of her; she is pretty leet).

This was a great intro to threat modeling and thinking like an attacker, and it reminded me of another talk I loved.

If you’re building tools, you should be thinking about how attackers will try to use them.

In Conversation With Adrian Colyer

The last session of the day was Anubhav Mishra and Nic Jackson talking with Adrian Colyer, a Venture Partner at Accenture. Mishra and Nic are some of my favorite people, and I enjoy seeing them do these interviews. The early parts of the discussion missed me a bit, as they talked a lot about Adrian’s experiences with Spring and Cloud Foundry, and I don’t have experience with either of those technologies. But I liked hearing about his blog, The Morning Paper, and how he evaluates technologies in his role at Accenture. I’m going to have to dig into his blog sometime.

Day Two: Introducing Waypoint

The Keynotes

Thursday kicked off with another keynote from Mitchell and an even bigger announcement than Boundary. The next open source tool that he introduced is called Waypoint, and I think it may have a considerable impact on software development. Mitchell talked about how there is a lot of confusion specifically in the Build/Deploy/Release part of people’s workflows. Different shops use different tools, and there are various tools available on different cloud providers. Waypoint is intended to fill that gap, and it looks super slick.

In the same way that Terraform provides people a way to manage resources across different kinds of infra, Waypoint looks to give people a unified way to push out their code. It’s very exciting. You can find Waypoint on GitHub, and there are tutorials for it on the Learn site.

I think Terraform won the resource management space a long time ago, and there’s a chance that Waypoint will do the same for build/deploy/release tools, although it has more competition. Whether it wins the space or not, it looks great.

Unfortunately, I missed most of the Waypoint deep dive talk that happened next, as I got pulled away to do some work. But I will likely go back and watch it.

Product Keynotes: Terraform and Consul

These talks happened in different parts of the day, but they were pretty similar. In both of the talks, Mitchell and Armon gave history lessons on the tools, and it was one of my favorite things about the conference. I think people having context about how tools were created and why is very helpful. In Terraform’s case, it was interesting to hear that they initially considered an agent-based model and eventually decided against it. Mitchell also said that initially he regretted including the key-value store in Consul because people were building their own tools on top of it instead of using Consul for service discovery. All fascinating background.

There was also talk about new features with these tools and great demos. If you use Terraform or Consul, you should have a look.

Customer Use Cases

There were a couple of talks on day two from customers using HashiCorp tools. John Spencer talked about how they use HashiCorp tools at Bowery Farming, and they use pretty much the whole Hashi stack, along with Ansible.

Later, Thomas Lefebvre talked about how Cloudflare uses Nomad on the edge. I was a bit surprised to find out that Cloudflare uses Nomad, but they use Kubernetes for some things too. They use Consul on the edge, which was a factor in favor of Nomad.

It was great to hear these customer stories.

That was all of the talks I could catch on the second day, due to some work I had to do. But I especially enjoyed the HashiCorp history lessons, and the Waypoint announcement.

I didn’t get a chance to watch any of the lightning talks during the conference. I think they all overlapped with the main tracks. I would have been more likely to watch them if they had been held in one session, on the second conference track.

Conclusion

This event was a lot of fun, and I thought the HashiCorp folks leveled it up compared to the June event. There was a lot of excitement with the new product announcements too. I’m especially looking forward to playing with Waypoint sometime soon. If you get a chance to experiment with it, you can post your results on Twitter with the #waypointup hashtag.

Learn more about FireHydrant

We’re working on a suite of tools to make managing complex systems easier, for everyone. For free.

Try It For Free