Announcing HashiCorp Terraform Cloud Business Tier
Today we’re announcing availability of the new Business tier offering for HashiCorp Terraform Cloud. This new tier includes enterprise features for advanced security, compliance and governance, the ability to execute multiple runs concurrently, and flexible support options.
Over the past several years, hundreds of the world’s largest companies have relied upon Terraform Enterprise to automate the provisioning, compliance, and management of their infrastructure. As more and more workloads have shifted into public clouds, customer expectations have also shifted, and organizations increasingly want enterprise-class features without the need to host and operate Terraform Enterprise themselves.
HashiCorp offers Terraform Cloud as a service and it has provided the best way for practitioners and teams to securely store the state of their infrastructure, remotely apply changes, and collaborate with others in a way that ensures consistency. Terraform Cloud has added more than 5,000 new users per month since the initial release in 2019, with over 500,000 runs executed monthly, and we continue to see growing demand for Terraform Cloud from organizations that want to consume infrastructure as a managed service.
Practitioners, teams, and smaller organizations have been able to take advantage of the existing Free, Team, and Governance offerings to collaborate, automate compliance processes, and ensure the consistent application of best practices via the private module registry. However, large enterprises that operate in more complex and higher scale environments have had additional requirements for Terraform Cloud.
Today we’re announcing the addition of the new Business tier in Terraform Cloud to meet these expanded needs. New capabilities include:
- Enterprise features: Single sign-on (SSO), self-hosted agents to selectively run workers to provision and manage private and on-premises resources, and audit logs to view significant events.
- Job concurrency: The ability to scale multiple concurrent jobs on Terraform to keep up with the demand of end-users creating, updating, and deleting infrastructure.
- Support: Service Level Agreements (SLAs) and support options that fit organizational needs.
» Single Sign-On (SSO) via Okta
When we spoke to customers about what they wanted to add to Terraform Cloud to help them onboard their teams more effectively, SSO using their existing federated identity provider was at the top of that list. However, we didn’t want to just tick a box on a feature list, we wanted to give our customers the best SSO experience possible. Since a large number of our customers use Okta, we made a first-class Okta experience the priority. Here’s a glimpse at how simple this is:
Integrating Okta as your IdP is simply a matter of providing Terraform Cloud with the Okta metadata URL. Fill in a single field, and it’s ready to be enabled. All of the required SAML 2.0 compliant configuration options (i.e., X.509 Certificate, IdP Sign-on URL, Single Logout URL) are applied behind the scenes, and you’ll be ready to enable SSO in a matter of seconds.
We have heard from organizations that would like to use SSO with Azure AD and other SAML 2.0 compliant IdPs, and we look forward to providing the integration options for that in the future.
» Self-Hosted Agents to Securely Enable the Use of Private Resources
Many organizations have a significant and often growing investment in their existing on-premises datacenters. Even if those organizations have gone all-in on the public cloud, they frequently have the need to manage resources that they don’t want accessible from the public internet. This presents a challenge for a managed service that operates on the public internet and needs to be able to reach those private resources.
With the Business tier, our Terraform Cloud Agents will now allow entitled customers to decide where they want to have their Terraform runs execute. Have a private environment that you want Terraform Cloud to manage, but also need to keep ingress from the internet blocked so it stays private? Just deploy a Terraform Cloud Agent inside that network and it will connect back to Terraform Cloud securely, retrieve any work it needs to complete, apply the changes, and then update the results back in Terraform Cloud.
You also have the flexibility to choose which workspaces use your self-hosted agents, and which ones continue to use the fully managed Terraform Cloud alternative. This new capability gives you the benefit of a self-hosted option when you need that extra control, with the simplicity of a managed option when you don’t.
Additionally, Terraform Cloud now supports an IP Ranges API endpoint that makes it easy for organizations to limit their exposure in situations where they do want to make certain services available to Terraform Cloud. For example, if a private Version Control System (VCS) is in play, this new API will make it simple for the security team to be very specific about what is allowed to access it and from where. The IP Ranges API also comes with a 24-hour advance notice policy, where any changes will be published at least 24 hours before taking effect.
» Audit Logging and Operational Visibility via Splunk
Once you have multiple teams collaborating and resources being managed through a blend of Terraform Cloud and self-hosted agents, it becomes more important than ever to understand what’s happening and when. Our customers told us they didn’t want yet another place to look to find this information. Many have already made an investment in centralized logging using Splunk. So again, we wanted to give people the best out-of-the-box experience possible that works with the services they are already using.
The Terraform Cloud for Splunk app is now available in Splunkbase. It’s available for use within Splunk Cloud or Splunk Enterprise, and once installed and configured it presents a number of preconfigured dashboards and data tables within the Splunk interface:
Data is regularly pulled into Splunk and the app provides near real-time visibility into key actions. You can quickly see which workspaces are generating the most frequent changes, which Sentinel policies are being evaluated most frequently, and which users are most active. For deeper analysis, you can then filter by a number of attributes to inspect individual events.
For customers that aren’t using Splunk, we’ve also made the audit events available via a JSON API, allowing them to be integrated into any other system.
» Job Concurrency
Collaborating with a large number of colleagues across thousands of workspaces will mean a constant stream of changes being planned and applied. The standard approach within Terraform Cloud is to queue and process this work sequentially. Business tier customers are now able to purchase additional concurrency. This enables multiple jobs to be processed in parallel reducing the duration any team has to wait for their work to be completed.
» Backed by an SLA
We’ve been operating Terraform Cloud for customers for just under a year now, and our status page shows a historical uptime that we’re incredibly proud of. Simply pointing to historical performance isn’t always enough though, and customers have asked us for SLA commitments going forward. So alongside this launch and the recent announcement of HashiCorp Cloud Platform, we’ve announced Service Level Agreements for all of our cloud offerings.
» Getting Started
Terraform Cloud is free to get started and organizations can upgrade to the Team and Governance or the Business tier at any time. To get started, sign-up for Terraform Cloud and follow our Get Started tutorial or contact HashiCorp Sales.
» Watch the Live Announcement
Watch the live announcement and demo of Terraform Cloud Business Tier with HashiCorp co-founder and CTO Armon Dadgar and HashiCorp Technical Marketing Manager Kyle Ruddy.
Sign up for the latest HashiCorp news
More blog posts like this one
5 ways to improve DevEx and security for infrastructure provisioning
Still using manual scripting and provisioning processes? Learn how to accelerate provisioning using five best practices for Infrastructure Lifecycle Management.
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.