Time
4 hours 53 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
welcome to our next lesson on vault. In this section, we're gonna talk about alternative technologies devote to take a minute to think about multi cloud.
00:08
And what are the considerations? Because that's a term that's thrown around a lot. And if you're at a smaller company, you might have a single cloud vendor. You may say we're using Google Cloud
00:21
and the entire company. All cloud related activities run on Google Cloud.
00:26
Bigger companies, large enterprises. They're gonna have different departments that maybe using different cloud providers, right in a multi car environment.
00:36
Things can also happen if you are smaller company and you get acquired or your bigger company and you require a smaller company. That company may not be using the same cloud vendor that you have considered your standard, and it's unlikely that is worth
00:54
the entire migration effort, and certainly it would take place
00:58
over a long period of time. If you say really want to keep everybody on this lame cloud provider, um,
01:03
you're gonna have to have this period of time at least a period of time, if not indefinitely, where you are accommodating multiple clouds. As a result of the acquisition,
01:14
fourth cloud vendors themselves will provide discounts and subsidies to different companies during the course of business. So that can also bring a very large incentive to start using one cloud vendor of certain capabilities with one cloud vendor over another at the same time, it doesn't mean you're going to
01:33
completely
01:34
remove everything and pick up and go from Cloud Vendor A over to cloud vendor. Be right if Google is giving you a great deal on there
01:45
AI processing capabilities and integrate subsidy. But at the same time Amazon is is giving you steep discounts on your s three bucket storage. You're gonna end up in a multi cloud situation whether or not you want to do that as a technology really becomes a good business decision. And then finally there is the best of breed consideration.
02:05
Cloud vendors
02:06
bring platform as a service. These are so far above and beyond the traditional infrastructures of service. We have virtual machines. You have storage right platform as a service are providing things such as How do you manage your fleet off I O. T devices and communication and event broadcasting
02:24
to the devices and registration of the devices.
02:28
Other platform as a service may include kubernetes as a service. So rather than spending up a bunch of virtual machines and then installing kubernetes, you use the kubernetes as a service. You now don't have to worry about managing the various
02:42
virtual machines that you're different pods are being deployed to. You're dealing with it at a higher level of abstraction.
02:47
Other areas include big data, big Data analysis. Instead of managing a farm of virtual machines and then insuring that your spark queries get distributed appropriately, you can work at a higher level
03:01
and be abstracted from the fact of what machines thes air working on. We also see databases database platform as a service, right? So you're not managing virtual machines that reduce and create a cluster of databases to you. It's just one connection string. And then there's a bunch of magic that happens behind the scene. Well, the cloud providers taking care of those
03:21
and certain cloud providers
03:23
are going to get stronger in their offerings as platform as a service over time, based on their own competencies, the areas of strategic vision that these companies have. So these air reasons to say multi cloud is a reality there. There is a lot of probability that you're gonna get into these kind of circumstances.
03:43
All of it is a Segway into taking a look at what about the cloud providers themselves? And don't they have
03:51
vaults their own implementations of vaults, such as Amazon Kms? Key Management Service Right deserves Key Vault, Google's Cloud Key management service.
04:02
These products often focus on having strong encryption and storing keys and storing secrets and storing certificates.
04:14
But there are capabilities that we've even already touched on it. We're gonna dive into deeper. That vault provides that you're just not going to get with the cloud provider vaults when we talk about dynamic secrets and rotating the secrets and managing leases and revoking secrets. If, in the event of a compromise
04:34
to start closing things out, let's look at Vault enterprise,
04:39
we won't be spending a lot of time on it in this training. It's really focused on the open source version of vault, but I do want toe provide you with some of the capabilities in an overview so that you can then go and look into it more in the event that you choose to really adopt vault within your enterprise. Things is such as a cluster replication, right? Getting that
04:58
high availability we talked about
05:00
HSM supports on Inter Be augmentation Seal rap
05:05
performance. Standby, right? If you think about vault and hosting the secrets, there's going to be a whole lot of read operations, and you may want to configure it. So there's multiple vault nodes. One is the source of truth, the one that supports, read and write operations. But then you can set up
05:24
the standby nodes
05:26
to help with the read operations. In the event that that that the single primary node starts getting overloaded, there's other things, such as multi factors, authentication and sentinel. For more advanced policy knowledge. Mint certainly go to the Hash Corp site.
05:43
If you're interested in it, explore these further. I'm sure they'd be happy to give you
05:47
a deeper dive into the differences between normal open source vault, which is what we're going to be using in the Enterprise version of vault.
05:58
To recap in this video, we talked about the realities of multi cloud situations that air likely to happen with your company with other companies, motivations why you may want to be actually in a motivate a multi cloud situation. Then we touched on cloud provider vaults
06:17
and
06:18
took into account the benefits of having a consistent method of managing keys, as opposed to working with the particular cloud provider vault solutions and some of the shortcomings of those vaults solutions.
06:30
And then we finalized by touching on major differences between the vault Open source edition that we're gonna be working with and the Vault Enterprise Edition.

Up Next

Vault Fundamentals

Learn how HashiCorp Vault can improve your security posture when it comes to storing sensitive passwords, maintaining confidential keys, implementing encryption, and establishing robust access management.

Instructed By

Instructor Profile Image
James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor