Skip to main content
HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Recorded Webinar

Secure Routing and Traffic Management with Ambassador and HashiCorp Consul

Learn about the routing and secure end-to-end communication capabilities of Consul Connect and Ambassador and how to use them in your network architecture.

Speakers

One of the key steps in any digital transformation or migration from "heritage" infrastructures and monolithic architectures to modern hybrid cloud infrastructures and microservice architectures, is the process of decoupling apps from their infrastructure: incrementally and securely.

"Securely" is a crucial pillar of this transition, because according to Gemalto's Breach Level Index about 98% of the records compromised in data breaches are unencrypted on some level. There are multiple ways you need to harden your modern systems against PII theft:

  • Secure your data at rest
  • Harden your compute
  • Secure your data in transit (i.e. your communications)

This webinar, hosted by HashiCorp developer advocate Nic Jackson and Datawire product architect Daniel Bryant, will focus on locking down your communications with some elegant encryption methods. Two tools that can help manage network traffic securely in modern environments and service-based architectures are Ambassador and HashiCorp Consul. Ambassador is an API gateway (or Edge gateway) that handles north-south "ingress" traffic. Consul is a service discovery registry and service mesh control plane that manages and secures east-west, service-to-service traffic.

Outline

0:00 — Introduction to Consul, Ambassador, and modern security challenges & solutions

23:25 — Demo: Securing traffic between services with Consul Connect and Ambassador

38:30 — Conclusion and extra content

47:04 — Q&A

Q&A

  • You mention moving towards the proposed architecture step-by-step. What would be the right place to start? How does the 'hybrid' situation work until you are in the pure service-based separation?

  • Consul used Envoy for the proxy. Why not have the proxy built into Consul? Is Envoy the standard?

Slides

More resources like this one

3/15/2023Case Study

Using Consul Dataplane on Kubernetes to implement service mesh at an Adfinis client

1/20/2023FAQ

Introduction to Zero Trust Security

1/4/2023Presentation

A New Architecture for Simplified Service Mesh Deployments in Consul

12/31/2022Presentation

Canary Deployments with Consul Service Mesh on K8s